Skip to content

fix(ui): Handle unsafeMetadata in ticket flows #7660

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tmilewski merged 2 commits into from
Jan 23, 2026
Merged

fix(ui): Handle unsafeMetadata in ticket flows #7660

tmilewski merged 2 commits into from
Jan 23, 2026

Conversation

@tmilewski
Copy link
Member

@tmilewski tmilewski commented Jan 23, 2026
edited by coderabbitai bot
Loading

Description

Port of Core 2 changes: #7657

Summary

Fixes a bug where unsafeMetadata was not being passed to signUp.create() when users sign up via the ticket/invitation flow. This caused users created through invitation links to have empty unsafeMetadata, even when it was configured on the <SignUp> component.

Problem

When a user signs up using a ticket (e.g., from an invitation link), the handleTokenFlow function in SignUpStart.tsx was calling signUp.create() without including unsafeMetadata. This is inconsistent with other sign-up flows (OAuth, Web3, manual form submission) which all correctly pass unsafeMetadata.

Solution

Updated handleTokenFlow to include unsafeMetadata in the signUp.create() call. The unsafeMetadata value is already available from the component context, so we simply pass it through.

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

Summary by CodeRabbit

  • Bug Fixes

    • Sign-up ticket flow now includes unsafe metadata alongside the authentication strategy during account creation, ensuring metadata is carried through the ticket-based flow.

  • Tests

    • Updated/added tests to validate unsafe metadata is passed when present and absent when not provided.

✏️ Tip: You can customize this high-level summary in your review settings.

@tmilewski tmilewski self-assigned this Jan 23, 2026
@changeset-bot
Copy link

changeset-bot bot commented Jan 23, 2026
edited
Loading

🦋 Changeset detected

Latest commit: 1e9a2ee

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 0 packages

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@vercel
Copy link

vercel bot commented Jan 23, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
clerk-js-sandbox Ready Ready Preview, Comment Jan 23, 2026 6:01pm

Request Review

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jan 23, 2026
edited
Loading

📝 Walkthrough

Walkthrough

A new changeset file (.changeset/heavy-parrots-juggle.md) was added. The SignUpStart.tsx component now includes unsafeMetadata in the payload passed to signUp.create when processing a ticket-based sign-up (__clerk_ticket). Tests in SignUpStart.test.tsx were updated/added to assert that unsafeMetadata is forwarded in ticket scenarios and is undefined when no metadata is provided.

🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and concisely summarizes the main change: handling unsafeMetadata in ticket flows, which is the core fix described in the PR objectives.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Comment @coderabbitai help to get the list of available commands and usage tips.

@pkg-pr-new
Copy link

pkg-pr-new bot commented Jan 23, 2026
edited
Loading

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7660

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7660

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7660

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7660

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7660

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7660

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@7660

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7660

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7660

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7660

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7660

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7660

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7660

@clerk/react

npm i https://pkg.pr.new/@clerk/react@7660

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7660

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7660

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7660

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7660

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@7660

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7660

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7660

commit: 1e9a2ee

@tmilewski tmilewski changed the title fix(ui): Handle unsafeMetadata in ticket flows fix(ui): Handle unsafeMetadata in ticket flows Jan 23, 2026
jacekradko
jacekradko reviewed Jan 23, 2026
View reviewed changes
jacekradko
jacekradko approved these changes Jan 23, 2026
View reviewed changes
Copy link
Member

@jacekradko jacekradko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a changeset update

@tmilewski @jacekradko
Remove changeset entry
1e9a2ee 
Co-authored-by: Jacek Radko <jacek@clerk.dev>
@tmilewski tmilewski merged commit cc844a3 into main Jan 23, 2026
40 checks passed
@tmilewski tmilewski deleted the tom/user-4473-fix-unsafemetadata-issues-in-core-3 branch January 23, 2026 18:18
nikosdouvlis pushed a commit that referenced this pull request Jan 27, 2026
@tmilewski @jacekradko @nikosdouvlis
fix(ui): Handle unsafeMetadata in ticket flows (#7660)
a14cd28 
Co-authored-by: Jacek Radko <jacek@clerk.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jacekradko jacekradko jacekradko approved these changes

Assignees

@tmilewski tmilewski

Labels

core-3

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tmilewski @jacekradko