├── .gitignore ├── README.md ├── clerkapp ├── __init__.py ├── __pycache__ │ ├── __init__.cpython-39.pyc │ ├── urls.cpython-39.pyc │ └── views.cpython-39.pyc ├── admin.py ├── apps.py ├── auth.py ├── migrations │ └── __init__.py ├── models.py ├── tests.py ├── urls.py └── views.py ├── clerkproject ├── __init__.py ├── __pycache__ │ ├── __init__.cpython-39.pyc │ ├── settings.cpython-39.pyc │ ├── urls.cpython-39.pyc │ └── wsgi.cpython-39.pyc ├── asgi.py ├── settings.py ├── urls.py └── wsgi.py ├── db.sqlite3 ├── manage.py └── requirements.txt /.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore virtual environment files 2 | .venv/ 3 | venv/ -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Django Clerk Auth Example 2 | 3 | A demonstration of using Clerk JWT authentication with Django. This example shows how to integrate Clerk's user authentication with a Django backend API. 4 | 5 | ## Configuration 6 | 7 | Set the required environment variables: 8 | 9 | ```bash 10 | $ export CLERK_API_SECRET_KEY=your_secret_key 11 | 12 | # Set authorized parties (comma-separated list of allowed origins) 13 | $ export CLERK_AUTHORIZED_PARTIES=http://localhost:5173 14 | ``` 15 | 16 | ## Installation 17 | 18 | ```commandline 19 | python -m venv venv 20 | source venv/bin/activate 21 | pip install -r requirements.txt 22 | ``` 23 | 24 | ## Running 25 | 26 | ```commandline 27 | python manage.py runserver 28 | ``` 29 | 30 | The server will be running at `http://localhost:8000`. 31 | 32 | ## Frontend Integration 33 | 34 | From a Clerk React frontend: 35 | 36 | ```javascript 37 | import { useAuth } from '@clerk/clerk-react'; 38 | 39 | function ApiExample() { 40 | const { getToken } = useAuth(); 41 | 42 | const fetchData = async () => { 43 | if (getToken) { 44 | // Get the userId or null if the token is invalid 45 | let res = await fetch("http://localhost:8000/clerk_jwt", { 46 | headers: { 47 | "Authorization": `Bearer ${await getToken()}` 48 | } 49 | }); 50 | console.log(await res.json()); // {userId: 'the_user_id_or_null'} 51 | 52 | // Get gated data or a 401 Unauthorized if the token is not valid 53 | res = await fetch("http://localhost:8000/gated_data", { 54 | headers: { 55 | "Authorization": `Bearer ${await getToken()}` 56 | } 57 | }); 58 | if (res.ok) { 59 | console.log(await res.json()); // {foo: "bar"} 60 | } else { 61 | // Token was invalid 62 | } 63 | } 64 | }; 65 | 66 | return ; 67 | } 68 | ``` 69 | 70 | ## API Reference 71 | 72 | Available endpoints: 73 | 74 | - `GET /clerk_jwt` - Returns the authenticated user ID 75 | - `GET /gated_data` - Returns protected data (requires authentication) 76 | 77 | 78 | ## ⚠️ Production Warning 79 | 80 | This project is not optimized for production and does not address all best practices that should be configured in a production app. It serves as a design template and should be given appropriate consideration before being used in production. 81 | 82 | Issues to address for production use: 83 | - CORS configuration is specific to development environments 84 | - No HTTPS enforcement 85 | - Minimal error handling (especially 401 errors) 86 | - Using development server settings 87 | 88 | For production deployment: 89 | 1. Configure proper CORS settings for your specific domains 90 | 2. Enforce HTTPS for all API communication 91 | 3. Implement comprehensive error handling 92 | 4. Use a production-grade web server instead of the built-in development server -------------------------------------------------------------------------------- /clerkapp/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/clerk/django-example/c8b5341a3ebfac1fcff365df07947b1c28b00d18/clerkapp/__init__.py -------------------------------------------------------------------------------- /clerkapp/__pycache__/__init__.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/clerk/django-example/c8b5341a3ebfac1fcff365df07947b1c28b00d18/clerkapp/__pycache__/__init__.cpython-39.pyc -------------------------------------------------------------------------------- /clerkapp/__pycache__/urls.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/clerk/django-example/c8b5341a3ebfac1fcff365df07947b1c28b00d18/clerkapp/__pycache__/urls.cpython-39.pyc -------------------------------------------------------------------------------- /clerkapp/__pycache__/views.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/clerk/django-example/c8b5341a3ebfac1fcff365df07947b1c28b00d18/clerkapp/__pycache__/views.cpython-39.pyc -------------------------------------------------------------------------------- /clerkapp/admin.py: -------------------------------------------------------------------------------- 1 | from django.contrib import admin 2 | 3 | # Register your models here. 4 | -------------------------------------------------------------------------------- /clerkapp/apps.py: -------------------------------------------------------------------------------- 1 | from django.apps import AppConfig 2 | 3 | 4 | class ClerkappConfig(AppConfig): 5 | default_auto_field = 'django.db.models.BigAutoField' 6 | name = 'clerkapp' 7 | -------------------------------------------------------------------------------- /clerkapp/auth.py: -------------------------------------------------------------------------------- 1 | from functools import wraps 2 | 3 | from clerk_backend_api import authenticate_request, AuthenticateRequestOptions 4 | from django.contrib.auth import authenticate 5 | from django.contrib.auth.backends import BaseBackend 6 | from django.contrib.auth.models import User 7 | from django.http import JsonResponse 8 | 9 | from clerkproject import settings 10 | 11 | 12 | class JwtAuthBackend(BaseBackend): 13 | def authenticate(self, request, **kwargs): 14 | if 'Authorization' not in request.headers: 15 | return None 16 | 17 | try: 18 | request_state = authenticate_request( 19 | request, 20 | AuthenticateRequestOptions( 21 | secret_key=settings.CLERK_API_SECRET_KEY, 22 | authorized_parties=settings.CLERK_AUTHORIZED_PARTIES, 23 | ), 24 | ) 25 | if not request_state.is_signed_in: 26 | request.error_message = request_state.message 27 | return None 28 | # Ideally at this point user object must be fetched from DB and returned, but we will just return a dummy 29 | # user object 30 | user = User(username=request_state.payload["sub"], password="None") 31 | return user 32 | 33 | except Exception as e: 34 | request.error_message = "Unable to authenticate user" 35 | return None 36 | 37 | def get_user(self, user_id): 38 | return User(username=user_id, password="None") 39 | 40 | 41 | def jwt_required(view_func): 42 | @wraps(view_func) 43 | def _wrapped_view(request, *args, **kwargs): 44 | user = authenticate(request) 45 | if not user: 46 | error = getattr(request, 'error_message', 'User not authenticated') 47 | return JsonResponse({'detail': error}, status=401) 48 | request.user = user 49 | return view_func(request, *args, **kwargs) 50 | 51 | return _wrapped_view 52 | -------------------------------------------------------------------------------- /clerkapp/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/clerk/django-example/c8b5341a3ebfac1fcff365df07947b1c28b00d18/clerkapp/migrations/__init__.py -------------------------------------------------------------------------------- /clerkapp/models.py: -------------------------------------------------------------------------------- 1 | from django.db import models 2 | 3 | # Create your models here. 4 | -------------------------------------------------------------------------------- /clerkapp/tests.py: -------------------------------------------------------------------------------- 1 | from django.test import TestCase 2 | 3 | # Create your tests here. 4 | -------------------------------------------------------------------------------- /clerkapp/urls.py: -------------------------------------------------------------------------------- 1 | from django.urls import path 2 | 3 | from .views import clerk_jwt, gated_data 4 | 5 | urlpatterns = [ 6 | path('clerk_jwt/', clerk_jwt), 7 | path('gated_data/', gated_data), 8 | ] -------------------------------------------------------------------------------- /clerkapp/views.py: -------------------------------------------------------------------------------- 1 | from django.http import JsonResponse 2 | 3 | from clerkapp.auth import jwt_required 4 | 5 | 6 | @jwt_required 7 | def clerk_jwt(request): 8 | data = { 9 | 'userId': request.user.username, 10 | } 11 | return JsonResponse(data) 12 | 13 | 14 | @jwt_required 15 | def gated_data(request): 16 | data = { 17 | "foo": "bar", 18 | } 19 | return JsonResponse(data) 20 | -------------------------------------------------------------------------------- /clerkproject/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/clerk/django-example/c8b5341a3ebfac1fcff365df07947b1c28b00d18/clerkproject/__init__.py -------------------------------------------------------------------------------- /clerkproject/__pycache__/__init__.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/clerk/django-example/c8b5341a3ebfac1fcff365df07947b1c28b00d18/clerkproject/__pycache__/__init__.cpython-39.pyc -------------------------------------------------------------------------------- /clerkproject/__pycache__/settings.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/clerk/django-example/c8b5341a3ebfac1fcff365df07947b1c28b00d18/clerkproject/__pycache__/settings.cpython-39.pyc -------------------------------------------------------------------------------- /clerkproject/__pycache__/urls.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/clerk/django-example/c8b5341a3ebfac1fcff365df07947b1c28b00d18/clerkproject/__pycache__/urls.cpython-39.pyc -------------------------------------------------------------------------------- /clerkproject/__pycache__/wsgi.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/clerk/django-example/c8b5341a3ebfac1fcff365df07947b1c28b00d18/clerkproject/__pycache__/wsgi.cpython-39.pyc -------------------------------------------------------------------------------- /clerkproject/asgi.py: -------------------------------------------------------------------------------- 1 | """ 2 | ASGI config for clerkproject project. 3 | 4 | It exposes the ASGI callable as a module-level variable named ``application``. 5 | 6 | For more information on this file, see 7 | https://docs.djangoproject.com/en/4.0/howto/deployment/asgi/ 8 | """ 9 | 10 | import os 11 | 12 | from django.core.asgi import get_asgi_application 13 | 14 | os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'clerkproject.settings') 15 | 16 | application = get_asgi_application() 17 | -------------------------------------------------------------------------------- /clerkproject/settings.py: -------------------------------------------------------------------------------- 1 | """ 2 | Django settings for clerkproject project. 3 | 4 | Generated by 'django-admin startproject' using Django 4.0.3. 5 | 6 | For more information on this file, see 7 | https://docs.djangoproject.com/en/4.0/topics/settings/ 8 | 9 | For the full list of settings and their values, see 10 | https://docs.djangoproject.com/en/4.0/ref/settings/ 11 | """ 12 | 13 | from pathlib import Path 14 | from dotenv import load_dotenv 15 | import os 16 | 17 | load_dotenv() 18 | CLERK_API_SECRET_KEY = os.getenv('CLERK_API_SECRET_KEY') 19 | 20 | # comma separated list of authorized parties 21 | CLERK_AUTHORIZED_PARTIES = os.getenv("CLERK_AUTHORIZED_PARTIES").split(",") if os.getenv('CLERK_AUTHORIZED_PARTIES') else [] 22 | 23 | 24 | # Build paths inside the project like this: BASE_DIR / 'subdir'. 25 | BASE_DIR = Path(__file__).resolve().parent.parent 26 | 27 | 28 | # Quick-start development settings - unsuitable for production 29 | # See https://docs.djangoproject.com/en/4.0/howto/deployment/checklist/ 30 | 31 | # SECURITY WARNING: keep the secret key used in production secret! 32 | SECRET_KEY = 'django-insecure-2e4=$g6twe4rdkbih6zy0=$*5ijb+$m06crwf@3@$08j9*5nwk' 33 | 34 | # SECURITY WARNING: don't run with debug turned on in production! 35 | DEBUG = True 36 | 37 | ALLOWED_HOSTS = [] 38 | 39 | 40 | # Application definition 41 | 42 | INSTALLED_APPS = [ 43 | 'django.contrib.admin', 44 | 'django.contrib.auth', 45 | 'django.contrib.contenttypes', 46 | 'django.contrib.sessions', 47 | 'django.contrib.messages', 48 | 'django.contrib.staticfiles', 49 | 'corsheaders' 50 | ] 51 | 52 | AUTHENTICATION_BACKENDS = [ 53 | 'clerkapp.auth.JwtAuthBackend', 54 | 'django.contrib.auth.backends.ModelBackend' 55 | ] 56 | 57 | MIDDLEWARE = [ 58 | 'django.middleware.security.SecurityMiddleware', 59 | 'django.contrib.sessions.middleware.SessionMiddleware', 60 | 'corsheaders.middleware.CorsMiddleware', 61 | 'django.middleware.common.CommonMiddleware', 62 | 'django.middleware.csrf.CsrfViewMiddleware', 63 | 'django.contrib.auth.middleware.AuthenticationMiddleware', 64 | 'django.contrib.messages.middleware.MessageMiddleware', 65 | 'django.middleware.clickjacking.XFrameOptionsMiddleware' 66 | ] 67 | 68 | CORS_ALLOWED_ORIGINS = CLERK_AUTHORIZED_PARTIES 69 | 70 | 71 | ROOT_URLCONF = 'clerkproject.urls' 72 | 73 | TEMPLATES = [ 74 | { 75 | 'BACKEND': 'django.template.backends.django.DjangoTemplates', 76 | 'DIRS': [], 77 | 'APP_DIRS': True, 78 | 'OPTIONS': { 79 | 'context_processors': [ 80 | 'django.template.context_processors.debug', 81 | 'django.template.context_processors.request', 82 | 'django.contrib.auth.context_processors.auth', 83 | 'django.contrib.messages.context_processors.messages', 84 | ], 85 | }, 86 | }, 87 | ] 88 | 89 | WSGI_APPLICATION = 'clerkproject.wsgi.application' 90 | 91 | 92 | # Database 93 | # https://docs.djangoproject.com/en/4.0/ref/settings/#databases 94 | 95 | DATABASES = { 96 | 'default': { 97 | 'ENGINE': 'django.db.backends.sqlite3', 98 | 'NAME': BASE_DIR / 'db.sqlite3', 99 | } 100 | } 101 | 102 | 103 | # Password validation 104 | # https://docs.djangoproject.com/en/4.0/ref/settings/#auth-password-validators 105 | 106 | AUTH_PASSWORD_VALIDATORS = [ 107 | { 108 | 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', 109 | }, 110 | { 111 | 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', 112 | }, 113 | { 114 | 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', 115 | }, 116 | { 117 | 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', 118 | }, 119 | ] 120 | 121 | 122 | # Internationalization 123 | # https://docs.djangoproject.com/en/4.0/topics/i18n/ 124 | 125 | LANGUAGE_CODE = 'en-us' 126 | 127 | TIME_ZONE = 'UTC' 128 | 129 | USE_I18N = True 130 | 131 | USE_TZ = True 132 | 133 | 134 | # Static files (CSS, JavaScript, Images) 135 | # https://docs.djangoproject.com/en/4.0/howto/static-files/ 136 | 137 | STATIC_URL = 'static/' 138 | 139 | # Default primary key field type 140 | # https://docs.djangoproject.com/en/4.0/ref/settings/#default-auto-field 141 | 142 | DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField' 143 | -------------------------------------------------------------------------------- /clerkproject/urls.py: -------------------------------------------------------------------------------- 1 | """clerkproject URL Configuration 2 | 3 | The `urlpatterns` list routes URLs to views. For more information please see: 4 | https://docs.djangoproject.com/en/4.0/topics/http/urls/ 5 | Examples: 6 | Function views 7 | 1. Add an import: from my_app import views 8 | 2. Add a URL to urlpatterns: path('', views.home, name='home') 9 | Class-based views 10 | 1. Add an import: from other_app.views import Home 11 | 2. Add a URL to urlpatterns: path('', Home.as_view(), name='home') 12 | Including another URLconf 13 | 1. Import the include() function: from django.urls import include, path 14 | 2. Add a URL to urlpatterns: path('blog/', include('blog.urls')) 15 | """ 16 | from django.contrib import admin 17 | from django.urls import include, path 18 | 19 | urlpatterns = [ 20 | path('admin/', admin.site.urls), 21 | path('', include('clerkapp.urls')) 22 | ] -------------------------------------------------------------------------------- /clerkproject/wsgi.py: -------------------------------------------------------------------------------- 1 | """ 2 | WSGI config for clerkproject project. 3 | 4 | It exposes the WSGI callable as a module-level variable named ``application``. 5 | 6 | For more information on this file, see 7 | https://docs.djangoproject.com/en/4.0/howto/deployment/wsgi/ 8 | """ 9 | 10 | import os 11 | 12 | from django.core.wsgi import get_wsgi_application 13 | 14 | os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'clerkproject.settings') 15 | 16 | application = get_wsgi_application() 17 | -------------------------------------------------------------------------------- /db.sqlite3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/clerk/django-example/c8b5341a3ebfac1fcff365df07947b1c28b00d18/db.sqlite3 -------------------------------------------------------------------------------- /manage.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Django's command-line utility for administrative tasks.""" 3 | import os 4 | import sys 5 | 6 | 7 | def main(): 8 | """Run administrative tasks.""" 9 | os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'clerkproject.settings') 10 | try: 11 | from django.core.management import execute_from_command_line 12 | except ImportError as exc: 13 | raise ImportError( 14 | "Couldn't import Django. Are you sure it's installed and " 15 | "available on your PYTHONPATH environment variable? Did you " 16 | "forget to activate a virtual environment?" 17 | ) from exc 18 | execute_from_command_line(sys.argv) 19 | 20 | 21 | if __name__ == '__main__': 22 | main() 23 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | Django==4.2.20 2 | django-cors-headers 3 | python-dotenv 4 | clerk-backend-api --------------------------------------------------------------------------------