K
Kinde13mo ago
Martin

https://kinde.com/pricing/ M2M tokens question

Can I please double check my understanding of your pricing? The Kinde pricing page says that 2000 M2M tokens are included for free. Is an M2M token consumed every time I call the /oauth2/token Kinde API endpoint to retrieve an M2M Access Token? If so, can you help me understand how to use and validate the ID Token (https://kinde.com/docs/build/about-id-tokens/) ? I'm already passing the Access Token to my REST API through the "authorization" HTTP header. However, this token doesn't contain the user's email address (https://kinde.com/docs/build/about-access-tokens/) and so on every REST API call I'm currently getting a M2M token and calling the Kinde API to get the user object to get their email address. The ID token includes the user's email address (https://kinde.com/docs/build/about-id-tokens/) but I can't see any example in your docs of the recommended way of passing this token through to a REST API and validate serverside that the ID token is valid. Is there any way of tracking how many M2M tokens which I have consumed so far? The billing page doesn't show any M2M token usage, but I don't know if that's because I'm within the free limit?
Kinde Docs
ID tokens - Build on Kinde - Help center
Our developer tools provide everything you need to get started with Kinde.
Kinde Docs
Access tokens - Build on Kinde - Help center
Our developer tools provide everything you need to get started with Kinde.
No description
10 Replies
Martin
MartinOP13mo ago
I can see that https://github.com/kinde-oss/kinde-auth-pkce-js/blob/main/src/createKindeClient.ts#L106 stores the ID Token and then https://github.com/kinde-oss/kinde-auth-pkce-js/blob/main/src/utils/getUserOrganizations/getUserOrganizations.ts reads values out of it. However, I can't see any way to actually get the ID token back out of the kinde-auth-pkce-js package, especially not from the kinde-auth-react package which is what I'm using.
GitHub
kinde-auth-pkce-js/src/utils/getUserOrganizations/getUserOrganizati...
Kinde vanilla JavaScript authentication for SPAs using PKCE flows. Can be used with Vue / Angular or any JS framework - kinde-oss/kinde-auth-pkce-js
GitHub
kinde-auth-pkce-js/src/createKindeClient.ts at main · kinde-oss/kin...
Kinde vanilla JavaScript authentication for SPAs using PKCE flows. Can be used with Vue / Angular or any JS framework - kinde-oss/kinde-auth-pkce-js
Martin
MartinOP13mo ago
I've raised a couple of pull requests to expose the ID token for use by my application: https://github.com/kinde-oss/kinde-auth-pkce-js/pull/57 https://github.com/kinde-oss/kinde-auth-react/pull/38
GitHub
Add getIdToken method by mchr3k · Pull Request #57 · kinde-oss/kind...
Explain your changes I've raised a support thread in Discord: https://discord.com/channels/1070212618549219328/1179456563627438141 [...]can you help me understand how to use and validate the I...
GitHub
Add getIdToken method by mchr3k · Pull Request #38 · kinde-oss/kind...
Explain your changes I've raised a support thread in Discord: https://discord.com/channels/1070212618549219328/1179456563627438141 [...]can you help me understand how to use and validate the I...
Oli - Kinde
Oli - Kinde13mo ago
Hey @Martin, Thanks for all the questions here and for raising the PRs. I will discuss this with my team and get back to you.
Oli - Kinde
Oli - Kinde13mo ago
Hey @Martin, Thanks again for all your questions and even adding PRs. I will answer your questions below.
Can I please double check my understanding of your pricing? The Kinde pricing page says that 2000 M2M tokens are included for free. Is an M2M token consumed every time I call the /oauth2/token Kinde API endpoint to retrieve an M2M Access Token?
Yes, every time the user calls /oauth2/token, that counts as 1. The M2M token has an expiry date, just like any other token. The user should only get a new token if the current one is expired.
If so, can you help me understand how to use and validate the ID Token (https://kinde.com/docs/build/about-id-tokens/) ? I'm already passing the Access Token to my REST API through the "authorization" HTTP header. However, this token doesn't contain the user's email address (https://kinde.com/docs/build/about-access-tokens/) and so on every REST API call I'm currently getting a M2M token and calling the Kinde API to get the user object to get their email address. The ID token includes the user's email address (https://kinde.com/docs/build/about-id-tokens/) but I can't see any example in your docs of the recommended way of passing this token through to a REST API and validate serverside that the ID token is valid.
There are a few ways to get the ID token: 1. You can call the Get User Profile API endpoint (https://kinde.com/api/docs/#get-user-profile) from your backend using the access_token as authorization 2. In the JS SDK, call the getUser() or getUserProfile() method (see here: https://kinde.com/docs/developer-tools/javascript-sdk/#get-user-information) 3. In the React SDK, see https://kinde.com/docs/developer-tools/react-sdk/#view-user-profile or use the getUser(); method (see https://kinde.com/docs/developer-tools/react-sdk/#getuser) 4. Or, use our newly released token customization feature to add the user's email to the access token - see here: https://kinde.com/docs/build/token-customization/
Kinde Docs
ID tokens - Build on Kinde - Help center
Our developer tools provide everything you need to get started with Kinde.
Kinde Docs
Access tokens - Build on Kinde - Help center
Our developer tools provide everything you need to get started with Kinde.
Kinde Docs
React SDK - Developer tools - Help center
Our developer tools provide everything you need to get started with Kinde.
Kinde Docs
JavaScript SDK - Developer tools - Help center
Our developer tools provide everything you need to get started with Kinde.
Oli - Kinde
Oli - Kinde13mo ago
Our team reviewed your PRs and they look good, but we believe there is existing functionality, outlined above, will achieve what you are after. So we won't merge your PRs for now, but we will keep them open until we have resolved what you are trying to achieve.
Martin
MartinOP13mo ago
(2) and (3) don't work for me because I need to pass the details to my API, which needs to be able to validate that the details are signed, which isn't possible without the complete ID token, hence my PRs. However, (4) looks perfect, thanks! I'll work on integrating this today.
Oli - Kinde
Oli - Kinde13mo ago
Great to hear we could find a solution that works for you. Please let me know if you have any more questions.
Martin
MartinOP13mo ago
Is there any way of tracking how many M2M tokens which I have consumed so far? The billing page doesn't show any M2M token usage, but I don't know if that's because I'm within the free limit?
Oli - Kinde
Oli - Kinde13mo ago
We are currently working on getting the usage numbers, including usage of M2M tokens on the Billing page. It will show usage numbers regardless of the plan you are on.
Martin
MartinOP13mo ago
Perfect
Want results from more Discord servers?
Add your server