feat: Unauthorized sign-in #1668
Conversation
|
Hey, here’s your docs preview: https://clerk.com/docs/pr/1668 |
|
converting to draft until the feature is ready for release, and then we can revisit this pr and make the necessary updates! |
Added a section under Security for unauthorized sign-ins. Added the unauthorized sign-in page in the Account Portal docs.
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Format the new docs page with prettier.
Until we get the new Emails redesign page in the dashboard, we'll keep the configuration section to the minimum required.
The template name has changed in the dashboard.
| @@ -52,6 +52,12 @@ The user profile page hosts the prebuilt [`<UserProfile />`](/docs/components/us | |||
|
|
|||
| Redirect your authenticated users to their user profile page using the [`<RedirectToUserProfile />`](/docs/components/control/redirect-to-userprofile) control component. | |||
|
|
|||
| ### Unauthorized sign-in | |||
|
|
|||
| The unauthorized sign-in page doesn't host any prebuilt Clerk component. It displays a UI confirming that a session from an unrecognized device was successfully revoked. For more information, see the [Unauthorized sign-in](/docs/security/unauthorized-sign-in) feature. | |||
There was a problem hiding this comment.
| The unauthorized sign-in page doesn't host any prebuilt Clerk component. It displays a UI confirming that a session from an unrecognized device was successfully revoked. For more information, see the [Unauthorized sign-in](/docs/security/unauthorized-sign-in) feature. | |
| The unauthorized sign-in page doesn't host any prebuilt Clerk component. It displays a UI confirming that a session from an unrecognized device was successfully revoked. For more information, see the [Unauthorized sign-in](/docs/security/unauthorized-sign-in) guide. |
There was a problem hiding this comment.
Are you sure this is a guide? I see it more as a page which explains what the feature is about.
Would it be confusing the page with the rest of the "Guides"?
There was a problem hiding this comment.
firstly, I'd say to update this suggestion with the original suggestion that accidentally didn't get applied:
| The unauthorized sign-in page doesn't host any prebuilt Clerk component. It displays a UI confirming that a session from an unrecognized device was successfully revoked. For more information, see the [Unauthorized sign-in](/docs/security/unauthorized-sign-in) feature. | |
| The unauthorized sign-in page displays a UI confirming that a session from an unrecognized device was successfully revoked. For more information, refer to [the guide.](/docs/security/unauthorized-sign-in) |
secondly, I'd call this a reference guide - it's kind of in the middle, but it's more so a reference for the "unauthorized sign in" feature, so we can call it a reference! this would update the suggestion to read:
| The unauthorized sign-in page doesn't host any prebuilt Clerk component. It displays a UI confirming that a session from an unrecognized device was successfully revoked. For more information, see the [Unauthorized sign-in](/docs/security/unauthorized-sign-in) feature. | |
| The unauthorized sign-in page displays a UI confirming that a session from an unrecognized device was successfully revoked. For more information, see [the reference](/docs/security/unauthorized-sign-in). |
There was a problem hiding this comment.
i've applied the changes here c36db71
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
Co-authored-by: victoria <[email protected]>
|
Hi @victoriaxyz, thanks for the review. I think I applied most of the feedback. Could you please take another look? |
| When a sign-in attempt is made from an unfamiliar device, Clerk notifies the account owner by email with details about the newly created session. The account owner can immediately revoke the session if it's recognized as unauthorized. | ||
|
|
||
| The email notification users receive for unauthorized sign-ins varies depending on the instance's configuration and the application's billing plan. | ||
| When a sign-in attempt is made from an unfamiliar device, Clerk notifies the account owner by email with details about the newly created session. The email notification varies depending on the instance's configuration and the application's billing plan. |
There was a problem hiding this comment.
I've removed "The account owner can immediately revoke the session if it's recognized as unauthorized." as this is only available for certain supported instances. So now, we can combine the first and third sentence, and it flows very nicely.
There was a problem hiding this comment.
These look good! We reaaaally appreciate you getting these in early for us to start working on, long before the feature was to be released.
Thank you for taking in Victoria's and I's suggestions, I know they can seem like a lot and we appreciate your collaboration ❤️
Co-authored-by: victoria <[email protected]> Co-authored-by: Alexis Aguilar <[email protected]>
Co-authored-by: victoria <[email protected]> Co-authored-by: Alexis Aguilar <[email protected]>
Important
🔎 Previews:
Explanation:
We're launching a new feature that detects sign-ins from unrecognized devices and sends a notification to the users.
This PR: