fix(ui): avoid repreparing pending code verifications

[jacekradko]

When the sign-in or sign-up flow rehydrates a session that already has a pending email/phone code verification, the code-entry components were calling prepare* on mount and sending the user a second OTP. This skips the initial prepare in that case while leaving the explicit "Resend code" path untouched, so users only get a new code when they ask for one.

Closes: #8463

[changeset-bot]

🦋 Changeset detected

Latest commit: c02fabb

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages

Name	Type
@clerk/ui	Patch
@clerk/chrome-extension	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clerk-js-sandbox	Ready	Preview, Comment	May 14, 2026 2:15am

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds deduplication logic across SignIn and SignUp verification flows to prevent re-preparing verification codes when a matching pending (unverified) verification already exists. SignInFactorOneCodeForm now detects when a pending first-factor phone code verification is present and skips automatic preparation. SignUpEmailCodeCard and SignUpPhoneCodeCard similarly detect pending email or phone code verifications and skip re-preparation in those cases. Tests validate the new behavior for both pending and expired verification states.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related issues

• <SignIn> sends a new email OTP on every mount/refresh while a pending verification already exists #8463: Addresses the same deduplication guard for skipping prepare when a pending verification exists.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix(ui): avoid repreparing pending code verifications' accurately summarizes the main change: preventing duplicate OTP sends by skipping initial preparation when a pending code verification already exists.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The PR description clearly explains the problem (duplicate OTP codes sent on rehydration) and the solution (skip initial prepare when verification is pending), which directly corresponds to the changesets and code modifications.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8548

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8548

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8548

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8548

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@8548

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8548

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8548

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8548

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8548

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8548

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8548

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8548

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8548

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8548

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8548

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8548

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8548

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8548

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8548

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8548

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8548

commit: c02fabb