[@clerk/react-router] sign-in initiated SSO with legal compliance enabled fails on complete-sign-up when signUp.update({ legalAccepted: true }) is called #8338

@pplytas

Reproduction

Live repro: https://clerk-react-router-legal-repro.vercel.app/
Repository: https://github.com/pplytas/clerk-react-router-legal-repro

Publishable key

pk_test_ZHJpdmVuLW1vbmtmaXNoLTU3LmNsZXJrLmFjY291bnRzLmRldiQ

Description

Steps to reproduce:

  1. Enable Google SSO and legal compliance in Clerk for the publishable key above.
  2. Open the live repro.
  3. Go to /sign-in.
  4. Click Continue with Google (future).
  5. Use a Google account that does not already exist in this Clerk instance.
  6. After the OAuth callback, Clerk transfers the attempt into sign-up and routes to /sign-up/complete/future.
  7. Fill in first name and last name, check the legal acceptance checkbox, and submit.
  8. Observe that the request made by signUp.update(...) targets the client sign-up collection endpoint without a sign-up ID and fails with 405 Method Not Allowed.

The repro now also includes a control flow:

  1. Repeat the same steps with Continue with Google (legacy), which routes to /sign-up/complete/legacy.
  2. That page uses clerk.client.signUp.update(...) instead of signUp.update(...), so the repro exposes both the new and legacy update paths side-by-side.

Expected behavior:

The continued sign-up flow should accept legalAccepted: true and proceed normally.

More specifically, signUp.update(...) in the custom sign-up continuation flow should update the current sign-up attempt using an ID-aware sign-up endpoint, not the collection endpoint.

Actual behavior:

On the future flow, the request sent by signUp.update(...) does not include a sign-up ID in the path. It hits the collection endpoint shape instead:

PATCH /v1/client/sign_ups?...&_method=PATCH

instead of an ID-specific endpoint shape:

PATCH /v1/client/sign_ups/{sign_up_id}

The result is:

405 Method Not Allowed

and the browser UI then throws:

Failed to execute 'json' on 'Response': Unexpected end of JSON input

The repro now isolates this to the new sign-up completion path by exposing two flows:

  • future: uses signUp.update(...)
  • legacy: uses clerk.client.signUp.update(...)

The issue is specifically on the future flow. The legacy flow is included as a control for direct comparison.

Environment

System:
  OS: macOS 26.3.1
  CPU: (8) arm64 Apple M3
  Memory: 5.64 GB / 24.00 GB
  Shell: 5.9 - /bin/zsh
Binaries:
  Node: 24.14.1 - /opt/homebrew/bin/node
  npm: 11.11.0 - /opt/homebrew/bin/npm
  pnpm: 10.25.0 - /opt/homebrew/bin/pnpm
  Watchman: 2026.03.30.00 - /opt/homebrew/bin/watchman
Browsers:
  Chrome: 147.0.7727.56
  Firefox: 149.0
  Safari: 26.3.1
npmPackages:
  @clerk/react-router: ^3.1.2 => 3.1.2
  @react-router/dev: 7.14.0 => 7.14.0
  @react-router/node: 7.14.0 => 7.14.0
  @react-router/serve: 7.14.0 => 7.14.0
  react: ^19.2.4 => 19.2.5
  react-dom: ^19.2.4 => 19.2.5
  react-router: 7.14.0 => 7.14.0
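
The two symptoms reported above (an update sent to the collection endpoint with no sign-up ID, and `json()` throwing on the empty 405 body), as an added diagnostic example that is not part of the original issue or of Clerk's code. The function names, the host, the query string and the sign-up ID are constructed placeholders, and treating `_method` as the effective HTTP method is an assumption.

```javascript
// Added example: inputs below are constructed, not captured from the repro.
const BASE = '/v1/client/sign_ups'; // endpoint prefix as shown in the issue

// Classify a request as collection-level or ID-specific (member).
function classifySignUpRequest(method, rawUrl) {
  const url = new URL(rawUrl);
  // The failing request in the issue carries `_method=PATCH` in the query
  // string; treating it as the effective method is this example's assumption.
  const effectiveMethod = (url.searchParams.get('_method') || method).toUpperCase();
  const path = url.pathname.replace(/\/+$/, ''); // ignore trailing slashes
  if (path === BASE) return { effectiveMethod, shape: 'collection', signUpId: null };
  if (path.startsWith(BASE + '/')) {
    const signUpId = path.slice(BASE.length + 1).split('/')[0];
    return { effectiveMethod, shape: 'member', signUpId };
  }
  return { effectiveMethod, shape: 'other', signUpId: null };
}

// True for the shape reported here: an update aimed at the collection.
function isUpdateWithoutId(method, rawUrl) {
  const r = classifySignUpRequest(method, rawUrl);
  return r.shape === 'collection' && r.effectiveMethod === 'PATCH';
}

// Read a response body without assuming it is JSON. An empty 405 body is
// what makes a bare response.json() throw "Unexpected end of JSON input".
function readBody(status, text) {
  const ok = status >= 200 && status < 300;
  if (text.trim() === '') return { ok, status, data: null, error: ok ? null : 'empty body' };
  try {
    return { ok, status, data: JSON.parse(text), error: null };
  } catch (e) {
    return { ok, status, data: null, error: 'non-JSON body' };
  }
}

// Constructed sample requests (host, query and ID are placeholders).
const HOST = 'https://clerk.example.invalid';
const failing = `${HOST}/v1/client/sign_ups?_method=PATCH`;
const expected = `${HOST}/v1/client/sign_ups/SIGN_UP_ID_PLACEHOLDER`;
console.log(isUpdateWithoutId('POST', failing), isUpdateWithoutId('PATCH', expected));
console.log(readBody(405, ''));
```

Running the classifier over requests exported from the browser's network panel separates the future flow's failing call from the legacy control, and `readBody` surfaces the 405 status instead of a JSON parse error.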

Labels: needs-triage (A ticket that needs to be triaged by a team member)