OAuth token revocation; org deletion validates ID
@clerk/backend@3.9.0
Minor Changes
- Add
clerkClient.oauthApplications.revokeToken()for revoking opaque OAuth application access and refresh tokens. (#9040) by @jfoshee
Patch Changes
-
organizations.deleteOrganization()now validates that an organization ID was provided. Calling it with an empty ID throwsA valid resource ID is required.locally instead of issuing aDELETErequest to the organizations collection endpoint, matching the other ID-based methods on the API. (#9036) by @jacekradko -
M2M JWT verification now validates the token-category (
cat) header and rejects M2M JWTs tagged as a different token class. M2M JWTs minted by Clerk carry the correct category and are unaffected; M2M JWTs without the header continue to verify. (#9038) by @wobsoriano -
Updated dependencies [
4306146,533f0b1]:- @clerk/shared@4.23.0
Fetched June 30, 2026

