@clerk/nextjs now detects when auth() or currentUser() is called inside a Next.js 16 "use cache" function and throws a clear, actionable error with a code example showing the correct pattern. No more cryptic headers() failures when adopting cache components.

SignUp now supports email link verification through sendEmailLink() and waitForEmailLinkVerification(). Users receive a verification link instead of a code, and the flow completes automatically once they click. Verification status (verified, expired, client mismatch) is exposed on the verifications object, and relative redirect URLs are safely resolved to absolute URLs per environment.

<ClerkProvider dynamic> now supports async initialState on React 19+. Instead of awaiting auth state at the top-level provider, session data resolves where it's consumed in hooks via React.use(). No Suspense boundary needed around your provider, and root layouts stay static and predictable.

The Backend SDK now includes createBulk() on WaitlistEntryAPI, so you can create multiple waitlist entries in a single API call. Pass an array of entries with optional notify flags per entry. Ideal for CSV imports, CRM syncs, and batch replay during traffic spikes.

Custom scrollbar styling in @clerk/ui is now consistent across Chrome, Safari, Firefox, and Edge. Scrollbars use a slimmer profile with rounded corners, smooth hover transitions, and theme-aware colors, so embedded components like <UserProfile/> and <OrganizationProfile/> look polished on every browser without custom CSS overrides.

When "Require multi-factor authentication" is enabled, users without MFA are now prompted to complete setup on their next sign-in or immediately after sign-up via a new setup_mfa session task, with full UI for SMS and authenticator app enrollment plus backup codes.

New <HandleSSOCallback /> component for React and Next.js: handles the full SSO callback flow in custom auth UIs, including sign-in/sign-up finalization, automatic transfer between flows, MFA and password branching, existing session activation, and routing to the correct destination. Drop it into your callback route instead of writing the state machine yourself.

ExternalAccount now includes providerUserId, a clearly named field for the unique user ID from the OAuth provider. Use it to correlate provider identities, deduplicate accounts, and build reliable analytics joins. The previous externalId field is deprecated in favor of providerUserId.

@clerk/expo now supports native Google Sign-In on iOS and Android with useSignInWithGoogle(), using built-in native modules for a platform-native authentication experience.

Coinbase Wallet requests now include your application name, so the Coinbase connection sheet can display the correct app identity (matching the Base flow).

Users can now add a password from User Profile → Security when password authentication is enabled for your instance, even if it isn’t required at sign-up.

SignInFuture now supports email code MFA. Use signIn.mfa.sendEmailCode() and signIn.mfa.verifyEmailCode({ code }) to send and verify email-based second-factor codes.

Standalone getToken() is now available across Clerk’s framework SDKs. Call it from anywhere in the browser (interceptors, data fetching, vanilla JS). It waits for Clerk initialization and returns null when there’s no session.

@clerk/tanstack-react-start now supports keyless mode in development, so you can start a TanStack Start app with Clerk without adding API keys first. Includes a claim flow and an opt-out via VITE_CLERK_KEYLESS_DISABLED / CLERK_KEYLESS_DISABLED.

New lightDark theme for Clerk UI: automatically adapts to the user’s system color scheme (via CSS light-dark()). Also improved provider icon theming—Apple/GitHub/Vercel/OKX now support customizable fills with --cl-icon-fill (no dark-mode inversion).

OAuth Consent screen: offline_access is now filtered out of the displayed permissions list, and when present we show an extra note clarifying duration (“You’ll stay signed in until you sign out or revoke access.”).