I'm developing a B2B SaaS product aimed at mid-market companies and already have a functioning backend with our own role-based access control and multi-tenant accounts. I'm considering using Clerk for handling all authentication aspects such as login, signup, email verification, and social login, while maintaining my existing authorization layer. The plan would be for our backend to verify the Clerk JWT, fetch the user data from our database, and conduct our regular permission checks from there. Has anyone implemented this setup? How has it worked for you?
3 Answers
I'm not sure why you'd need Clerk when most backends come with built-in authentication options that are pretty straightforward. On the Next.js side, you can just verify the token with the public key, and that should cover most of your auth needs without adding extra complexity.
This approach is actually becoming a standard best practice for B2B SaaS. Offloading all the authentication hassles (like social logins and password resets) to Clerk while keeping tight control over your own authorization processes is the way to go. Just make sure you have a solid webhook set up to sync Clerk's `user_id` into your local database as soon as a new user registers. Aside from that, it works smoothly in production.
True, and I've been thinking about how to make that webhook listener really robust.
We tried a similar approach with Clerk for authentication while keeping our own permissions system. It works well—just make sure to verify the Clerk JWT on every request and trust the token's expiration. One thing to watch for is user provisioning; Clerk users won't show up in your database until their first login, so you'll need to adjust your onboarding process accordingly. Also, remember to sync profile updates since Clerk now has the most up-to-date user information.
Absolutely! Relying on a third-party for auth can save you tons of headaches.