releases.shpreview

Clerk.load() now times out; stale tokens no longer overwrite fresh ones

@clerk/clerk-js@5.127.1

1 enhancement2 fixesThis release1 enhancementImprovements to existing features2 fixesBug fixesAI-tallied from the release notes
From the original release noteView original ↗

Patch Changes

  • Fail fast when the Clerk Frontend API (FAPI) is slow or unreachable during load. The client request and the load-recovery token mint are now bounded by a timeout, and the timed-out client request is aborted instead of being left in flight. A cold Clerk.load() renders identity from a freshly minted session token (falling back to the session cookie if the mint fails) in seconds instead of hanging while retries run. After a degraded load, the client is re-fetched in the background without a time limit, so a slow-but-healthy origin recovers full client data (user profile, other sessions) without a reload. Also fixes hooks like useUser() keeping the cookie-derived stub user after full user data arrives. Adds a timeLimit utility to @clerk/shared/utils that optionally aborts an AbortController on timeout. (#9123) by @nikosdouvlis

  • Prevent a staler session token from overwriting a fresher one on the same tab. Freshness is ranked by the JWT oiat header, then iat; tokens without oiat always pass through. (#9090) by @nikosdouvlis

  • Updated dependencies [4093b03]:

    • @clerk/shared@3.47.8
    • @clerk/localizations@3.37.8

Fetched July 13, 2026

Clerk.load() now times out; stale tokens no longer… — releases.sh