Auth clone (Clerk)

Clerk-shaped users, sessions, orgs, MFA, and JWKS for tests.

Auth clone (Clerk-shaped)

Simulate your app's Clerk integration — users, sessions, organizations, MFA, and JWKS — without touching Clerk dev quotas. This is not Molar operator login (Better Auth at app.molar.it).

Clone ID: auth · Binary: clones-auth · SDK: auth · Scenario alias: clerk in some .molar.md files maps to auth · Dashboard: Auth explorer

Start here

QuestionAnswer
Best forSign-up, sign-in, org membership, JWT validation, MFA, and password reset flows
Connect withClerk SDK with CLERK_API_URL override, route mode for api.clerk.com, REST at clone base, or MCP auth_seed_users
Known limitsNo Clerk Admin UI — API + JWKS only
SeedsseedUsers() or admin JSON { "users": [...] }

Quick start

import { auth } from "@molar/clones";

const clone = await auth.start({ seed: "team-baseline", runId: "run-auth-01" });

await clone.seedUsers([{ email: "alice@example.com", password: "Str0ng!pass" }]);
const session = await clone.signIn("alice@example.com", "Str0ng!pass");
const jwks = await clone.jwks();

MCP tools

ToolDescription
molar_clone_spawnSpawn Auth clone (kind: "auth", optional seed)
auth_seed_usersBulk seed users via admin (adminUrl, users[] with email/password)

REST API coverage

Clerk-compatible REST under {base}/t/{runId}/...:

ResourceOperations
UsersCreate, list, get, update, delete; enroll MFA factors
Sign-insCreate, first factor, second factor (TOTP), revoke
Sign-upsCreate, prepare/attempt email verification
SessionsList, get, revoke
OrganizationsCreate, list, memberships CRUD
JWKS/.well-known/jwks.json for JWT verification in your app
Password resetPrepare and attempt reset on sign-in resource

Passwords are hashed with bcrypt (test-grade, not production pepper/HIBP).

Seeds and initial state

There are no built-in named seeds like auth-base. Use:

await clone.seedUsers([
  { email: "alice@example.com", password: "Str0ng!pass" },
  { email: "bob@example.com", password: "Str0ng!pass" },
]);

Dashboard presets Auth + Clerk login and Phone OTP signup (twilio + auth) give one-click starting points in the preset library.

MFA / OTP

MFA is supported on the Auth clone (TOTP second factor on sign-in). For phone OTP in end-to-end flows, combine with the Twilio clone and lastOTP().

Limits

LimitDetail
Password policy12-character minimum + blocklist on create/update/reset
Session TTLVirtual clock drives expiry
Chaos presetssession_expired, otp_rejected

Environment variables

MOLAR_CLONE_AUTH_URL, MOLAR_CLONE_AUTH_ADMIN_URL, CLERK_SECRET_KEY (derived from spawn)