javascript - Clerk auth middleware settings - Stack Overflow

On this page

This example is given for using authorizedParties for extra security:

clerkMiddleware({
  authorizedParties: [''],
})

But In the code I have to update, I have:

const isProtectedRoute = createRouteMatcher(['/movies(.*)', '/producers(.*)'])
export default clerkMiddleware(async (auth, req) => {
  if (isProtectedRoute(req)) await auth.protect()
})

export const config = {
  matcher: [
  ...
  ],
}

Question 1

I can't tell from the docs if authorizedParties is supposed to be part of the config (i.e. a the same level as matcher) or if it's part of the clerkMiddleware instance itself? I feel like it's the latter but not sure how to set it?

update: never mind, turns out with the second param to clerkMiddleware() u can set needed options

Question 2

Should the authorizedParties list include:

• just the application url?
• the application url plus all the clerk subdomains we had to create CNAMES for, when creating the production instance?
• all the above plus e.g. localhost:3000 for local dev? (I'm thinking no, except for local dev)

Question 3

Is it correct to use both createRouteMatcher() and matcher ? Seems like they are trying to do the same thing and I may have been referencing 2 conflicting docs?