Skip to main content
Clerk Auth gives your app its own dedicated authentication system powered by Clerk. Unlike Replit Auth, which uses Replit’s login system and creates Replit accounts, Clerk Auth provisions a separate Clerk tenant for your app. Your app’s users create accounts directly within your app — not Replit accounts — and you get full control over branding, login methods, and the sign-in experience.
Replit Auth vs. Clerk Auth — With Replit Auth, users sign in with Replit accounts and see Replit-branded login pages. With Clerk Auth (this page), your app gets its own authentication tenant with fully customizable branding and user accounts independent of Replit. Choose Clerk Auth when you want your own brand on the login experience or need user accounts separate from Replit.

Replit Auth vs. Clerk Auth at a glance

Replit AuthClerk Auth
User accountsUsers sign in with a Replit accountUsers create accounts within your app (no Replit account needed)
BrandingReplit-branded login pageFully customizable — your app name, icon, and colors
SSO credentialsUses Replit’s shared OAuth appsBring your own OAuth credentials per provider
EnvironmentsSingle environmentSeparate Development and Production environments
ReferralsSign-ups count toward Replit ReferralsNo Replit referral integration
Best forQuick setup, apps where Replit branding is acceptableCustom-branded apps, professional/commercial products

Getting started

To add Clerk Auth to your app, include it in your Agent prompt: 
Help me create an app that [your app idea] and should feature Clerk Auth.
Agent handles everything — creating the Clerk tenant, storing credentials, configuring routes, and adding middleware. You don’t need a Clerk account or any manual setup.

How Clerk Auth works with Replit

When Agent sets up Clerk Auth for your app, it:
  1. Creates a dedicated Clerk tenant — Your app gets its own Clerk application with separate Development and Production environments
  2. Provisions credentials — API keys and secrets are stored as environment variables
  3. Configures a proxy — Authentication works seamlessly on your published domain
  4. Sets up sign-in and sign-up routes — Pre-built Clerk React components are added to your app
  5. Adds server-side middleware — Your API routes are protected with Clerk’s Express middleware
You don’t need to create a Clerk account or manage any infrastructure. Everything is handled through the Replit Workspace.

Key features

Clerk Auth provides your app with:
  • Independent user accounts — Your app’s users are not Replit users; they exist only within your app’s Clerk tenant
  • Configurable login page — Set your app name, icon, and choose which sign-in providers to show
  • Custom-branded SSO — Supply your own OAuth credentials per provider so the sign-in flow displays your app’s name and branding instead of generic defaults
  • Email and password authentication — Built-in sign-up and sign-in with email verification
  • Social sign-in (SSO) — Let users sign in with Google, GitHub, Apple, or X (Twitter)
  • User management — View, search, and moderate users from the Auth pane
  • Session handling — Secure session tokens managed automatically
  • Development and Production environments — Test authentication in development before going live

Managing users

The Auth pane in your Workspace gives you a complete view of your authenticated users. Because Clerk Auth creates a separate user store for your app, the users listed here are accounts in your app — not Replit accounts.
Clerk Auth users tab showing authenticated users in the Auth pane
From the Users tab, you can:
  • View all users with details like email, name, last login, and account creation date
  • Search and filter to find specific users
  • Ban or unban users to control access to your app
  • Sort users by different criteria
  • Switch environments — Toggle between Development and Production to manage users in each

Configuring your login page

From the Configure tab in the Auth pane, you can control which sign-in providers appear on your login page and set your app’s name and icon.
Clerk Auth configure tab showing app name, icon, and SSO provider toggles
You can change:
  • App name — Displayed on the login screen
  • App icon — Your brand’s logo on the login screen
  • Login methods — Enable or disable specific sign-in providers (Google, GitHub, Apple, X, Email)
  • Environment — Switch between Development and Production settings

Custom SSO credentials

By default, SSO providers use shared credentials — your app’s sign-in flow works immediately but shows generic branding during the OAuth consent screen. To display your app’s name and branding when users sign in with a social provider, configure your own OAuth credentials for each provider.
Custom OAuth credentials configuration for Google SSO showing client ID and secret fields
With custom credentials, the sign-in page shows your app’s name instead of a generic application name, giving your users a fully branded experience from start to finish. See Additional resources for setup guides for each provider.

Security best practices

  • Always validate server-side — Check authentication in your API routes, not just in the UI
  • Use environment variables — Never hardcode keys or secrets in your code
  • Keep the proxy middleware first — The Clerk proxy must be mounted before body parsers in your Express app
  • Don’t redirect the homepage to sign-in — Keep your landing page accessible to unauthenticated visitors

Additional resources