Auth clone (Clerk-shaped)
Simulate your app's Clerk integration — users, sessions, organizations, MFA, and JWKS — without touching Clerk dev quotas. This is not Molar operator login (Better Auth at app.molar.it).
Clone ID: auth · Binary: clones-auth · SDK: auth · Scenario alias: clerk in some .molar.md files maps to auth · Dashboard: Auth explorer
Start here
| Question | Answer |
|---|---|
| Best for | Sign-up, sign-in, org membership, JWT validation, MFA, and password reset flows |
| Connect with | Clerk SDK with CLERK_API_URL override, route mode for api.clerk.com, REST at clone base, or MCP auth_seed_users |
| Known limits | No Clerk Admin UI — API + JWKS only |
| Seeds | seedUsers() or admin JSON { "users": [...] } |
Quick start
import { auth } from "@molar/clones";
const clone = await auth.start({ seed: "team-baseline", runId: "run-auth-01" });
await clone.seedUsers([{ email: "alice@example.com", password: "Str0ng!pass" }]);
const session = await clone.signIn("alice@example.com", "Str0ng!pass");
const jwks = await clone.jwks();
MCP tools
| Tool | Description |
|---|---|
molar_clone_spawn | Spawn Auth clone (kind: "auth", optional seed) |
auth_seed_users | Bulk seed users via admin (adminUrl, users[] with email/password) |
REST API coverage
Clerk-compatible REST under {base}/t/{runId}/...:
| Resource | Operations |
|---|---|
| Users | Create, list, get, update, delete; enroll MFA factors |
| Sign-ins | Create, first factor, second factor (TOTP), revoke |
| Sign-ups | Create, prepare/attempt email verification |
| Sessions | List, get, revoke |
| Organizations | Create, list, memberships CRUD |
| JWKS | /.well-known/jwks.json for JWT verification in your app |
| Password reset | Prepare and attempt reset on sign-in resource |
Passwords are hashed with bcrypt (test-grade, not production pepper/HIBP).
Seeds and initial state
There are no built-in named seeds like auth-base. Use:
await clone.seedUsers([
{ email: "alice@example.com", password: "Str0ng!pass" },
{ email: "bob@example.com", password: "Str0ng!pass" },
]);
Dashboard presets Auth + Clerk login and Phone OTP signup (twilio + auth) give one-click starting points in the preset library.
MFA / OTP
MFA is supported on the Auth clone (TOTP second factor on sign-in). For phone OTP in end-to-end flows, combine with the Twilio clone and lastOTP().
Limits
| Limit | Detail |
|---|---|
| Password policy | 12-character minimum + blocklist on create/update/reset |
| Session TTL | Virtual clock drives expiry |
| Chaos presets | session_expired, otp_rejected |
Environment variables
MOLAR_CLONE_AUTH_URL, MOLAR_CLONE_AUTH_ADMIN_URL, CLERK_SECRET_KEY (derived from spawn)