releases.shpreview

OAuth token revocation; org deletion validates ID

@clerk/backend@3.9.0

1 feature2 fixesThis release1 featureNew capabilities2 fixesBug fixesAI-tallied from the release notes

Minor Changes

  • Add clerkClient.oauthApplications.revokeToken() for revoking opaque OAuth application access and refresh tokens. (#9040) by @jfoshee

Patch Changes

  • organizations.deleteOrganization() now validates that an organization ID was provided. Calling it with an empty ID throws A valid resource ID is required. locally instead of issuing a DELETE request to the organizations collection endpoint, matching the other ID-based methods on the API. (#9036) by @jacekradko

  • M2M JWT verification now validates the token-category (cat) header and rejects M2M JWTs tagged as a different token class. M2M JWTs minted by Clerk carry the correct category and are unaffected; M2M JWTs without the header continue to verify. (#9038) by @wobsoriano

  • Updated dependencies [4306146, 533f0b1]:

    • @clerk/shared@4.23.0

Fetched June 30, 2026

OAuth token revocation; org deletion validates ID… — releases.sh