fix(nextjs): Drop user, session, organization from auth()

clerk · Oct 29, 2023 · 89f0185 · 89f0185
1 parent a2f451b
commit 89f0185
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/.changeset/thin-phones-drop.md b/.changeset/thin-phones-drop.md
@@ -0,0 +1,5 @@
+---
+'@clerk/nextjs': patch
+---
+
+Drop `user`, `session`, and `organization` resouces from the returned value of `auth()`.
diff --git a/packages/nextjs/src/server/getAuth.ts b/packages/nextjs/src/server/getAuth.ts
@@ -1,4 +1,4 @@
-import type { Organization, Session, SignedInAuthObject, SignedOutAuthObject, User } from '@clerk/backend';
+import type { AuthObject, Organization, Session, SignedInAuthObject, SignedOutAuthObject, User } from '@clerk/backend';
 import {
   AuthStatus,
   constants,
@@ -18,6 +18,8 @@ import { getAuthKeyFromRequest, getCookie, getHeader, injectSSRStateIntoObject }
 
 type GetAuthOpts = Partial<SecretKeyOrApiKey>;
 
+type AuthObjectWithoutResources<T extends AuthObject> = Omit<T, 'user' | 'organization' | 'session'>;
+
 export const createGetAuth = ({
   debugLoggerName,
   noAuthStatusMessage,
@@ -26,7 +28,10 @@ export const createGetAuth = ({
   debugLoggerName: string;
 }) =>
   withLogger(debugLoggerName, logger => {
-    return (req: RequestLike, opts?: GetAuthOpts): SignedInAuthObject | SignedOutAuthObject => {
+    return (
+      req: RequestLike,
+      opts?: GetAuthOpts,
+    ): AuthObjectWithoutResources<SignedInAuthObject | SignedOutAuthObject> => {
       const debug = getHeader(req, constants.Headers.EnableDebug) === 'true';
       if (debug) {
         logger.enable();