fix(clerk-js): reset Core 3 OAuth retry state

[jacekradko]

Fixes SDK-75.

Summary

• Create a fresh Core 3 sign-in attempt when retrying OAuth SSO after an abandoned provider redirect.
• Reset async resource fetch status when restoring a pending task from BFCache.
• Add regression coverage for retrying GitHub after abandoning a Google OAuth redirect.

Root cause

signIn.__internal_future.sso() reused an existing sign-in resource when it already had an id. After a user backed out of an OAuth provider (e.g. pressed the browser back button on Google's consent screen), the resource still held the previous provider's externalVerificationRedirectURL, so a later click on a different provider (e.g. GitHub) navigated back to the original provider's consent screen. Additionally, when the page was restored from BFCache, the resource's fetch status remained fetching, leaving subsequent attempts stuck.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clerk-js-sandbox	Ready	Preview, Comment	May 7, 2026 1:05pm

[changeset-bot]

🦋 Changeset detected

Latest commit: d3bef86

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages

Name	Type
@clerk/clerk-js	Patch
@clerk/chrome-extension	Patch
@clerk/expo	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 226fd156-27c1-412d-9d66-ce2298991928

📥 Commits

Reviewing files that changed from the base of the PR and between 0d62e94 and d3bef86.

📒 Files selected for processing (1)

• packages/clerk-js/src/core/resources/SignIn.ts

---

📝 Walkthrough

Walkthrough

This pull request addresses Core 3 OAuth retry routing in @clerk/clerk-js. The changes modify the SignIn.sso flow to update redirect URLs when using popup-based authentication with wrapped routes, and expand the condition triggering the resource creation step to include cases where the resource ID is absent, the strategy is not enterprise_sso, or the first-factor verification is unverified. A corresponding test scenario is added to verify the OAuth sign-in retry flow after an abandoned provider redirect, along with updated mocks for popup-based authentication behavior. A changeset file documents the patch release.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: fixing OAuth retry state in Core 3 by creating fresh sign-in attempts after abandoned redirects.
Description check	✅ Passed	The description is directly related to the changeset, explaining the root cause of the OAuth retry issue and detailing the fix across multiple components.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8494

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8494

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8494

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8494

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@8494

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8494

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8494

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8494

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8494

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8494

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8494

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8494

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8494

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8494

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8494

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8494

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8494

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8494

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8494

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8494

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8494

commit: d3bef86