Restricting Google Domains
I'm working on replacing <GoogleOAuthProvider ...> in my React frontend with <KindeProvider ...>.
<GoogleOAuthProvider ...> creates a popup window that restricts signin to Google accounts for a specific domain. In my case that's
inrange.io
I have configured Kinde with the same Google Client ID which I was using with <GoogleOAuthProvider ...>, but the signin prompt appears to accept signins from any domain. Can you help me understand why?...
Restricting access to Kinde API
https://kinde.com/docs/user-management/user-permissions/ describes how I can create custom permissions for managing what the users of my application are allowed to do.
https://kinde.com/docs/build/add-a-m2m-application-for-api-access/ describes how I can enable M2M access to the Kinde API.
Is there any way to restrict which Kinde API methods are allowed to be called? I'd like to be able to restrict the access to ensure that if the Client Secret ever got leaked, it couldn't be used to delete all of my Users?...
Accessing appState
https://kinde.com/docs/developer-tools/react-sdk/#persisting-application-state gives an example for how to handle redirecting back to the page a user was on before they clicked the login button.
However, as per https://discord.com/channels/1070212618549219328/1161828367511859291/threads/1174693165748461628 I'm currently redirecting the user to a special page which handles making an API call to map them into an organisation based on some business logic. This means I want to wait until that API call completes before I redirect back to the original URL. To enable this I'm currently using a big hack:
```
onRedirectCallback={(_user, appState) => {...
Rotating Client Secret
How and when can I rotate the client secret which I fetch as part of https://kinde.com/docs/build/add-a-m2m-application-for-api-access/?
Accessing ID on the backend
https://kinde.com/docs/developer-tools/protect-your-api/ describes setting the accessToken when making calls to an API. However, as per https://kinde.com/docs/build/about-access-tokens/ this token only includes the
Subject which is the Kinde User ID.
https://kinde.com/docs/build/about-id-tokens/ describes an ID token which includes details like the user's email, name, etc. However, I can't find any documentation about how to get a token like this and whether or not this would be appropriate to send up to my API, or whether I should be extracting the Kinde User ID from the Access Token and calling the Kinde API (https://kinde.com/api/docs/#get-user) to fetch the user details using this.
Can you help me understand this?...getToken from useKindeBrowserClient
Would it be possible for
getToken from useKindeBrowserClient to asynchronously respond with token (ideally when isLoading is false)?
I need to pass access_token in Authorization header - currently I'm working this around just grabbing access_token from cookies, but this is not ideal.
My case is close to:...Validating JWT tokens for non-OAuth mechanisms
Kinde supports non-OAuth mechanisms such as https://kinde.com/docs/authentication-and-access/azure/ (WS-Federation) and https://kinde.com/docs/authentication-and-access/custom-saml/.
Does Kinde take care of authenticating these logins and then convert the result into a JWT, or does my application need to also worry about handling these other kinds of credentials? Basically, if I follow https://kinde.com/docs/developer-tools/verifying-json-web-tokens/, will I be able to validate logins for users that completed their login using one of these non-OAuth mechanisms?...
Remove an enterpise connection
How can I remove an enterprise connection from the
/admin/cx/_:nav&m:settings::_:submenu&s:authentication page?
Enforcing permissions
https://kinde.com/docs/user-management/user-permissions/ talks about how to create permissions. How do I enforce these permissions in my frontend and backend API? I have a React frontend talking to a Python REST API.
Matching Users to Organisations
I'm working on an auth solution for my application. I'm expecting users from multiple different Organisations to register for my application. Is there a way to automatically assign new users to the correct Organisation based on their email domain? All I've been able to find is the ability to manually assign users to Organisations in the Kinde dashboard.
Customize Registration Fields
Can I customize the registration fields? I would like to remove the first name and last name, just provide your email and you're in.
Linking to my sign up
Hi,
I want to link to my sign up account.mydomain.com from some landing pages that are generated by drag and drop style tools. When i link to account.mydomain.com i just get a strange landing page. How would i link to sign up using a url only?
Thanks...
Getting error after signin
I am using nuxt module, but when I sign in I am getting the following error, I can not work out which piece of the puzzle is missing.
...
{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. This client must include a code_challenge when performing the authorize code flow, but it is missing."}
{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. This client must include a code_challenge when performing the authorize code flow, but it is missing."}
New Flutter Package + NextJs
Hello I am so happy that your Flutter package is released. I am building an website with NextJs and an API. Now I want to use the same api routes with my flutter client. Is there a way to post the session from flutter to the api endpoint and validate that in the NextJs middleware ?
Smth like getSession or validate session....
Custom Root Domain
Login works flawlessly. But I do have one question. the custom room domain leads to this page with
I am using custom domain FYI...
You've found our secret landing page. There is nothing to see here yet. Soon it will be an awesome home page.
Is this just how it is or am I missing something fundamentally that I didn't see in the documentation?
You've found our secret landing page. There is nothing to see here yet. Soon it will be an awesome home page.
Is this just how it is or am I missing something fundamentally that I didn't see in the documentation?
Integration with Convex Custom Auth
I am creating a notion-like app with Nextjs. I am using Convex as my backend. I haven't figured out how to integrate it with Kinde as my custom auth provider. Has someone been able to integrate Kinde auth with Convex. If there is a way, could someone help me?
Cookie Problem
Hello,
I have a problem with a created cookie, because I need a cookie that has path '/', is httpOnly, is secure and SameSite None, is this possible to customize default kinde_token to have these parameters?...
SMS as passwordless auth
Is it posible like with Auth0 to use SMS as passwordless entry, i only find e-mail as an option. Youngsters dont use email 🙂
Ability to set MFA option at the Organization level
I need to set up enhance security on few of the organizations and not at the environment level how it currently is. Can we have the MFA option at the org level which scales the authentication flows for us