K
Kindeβ€’12mo ago
Eranga

Trouble handling callback from SSO always returns 400

Kinde
Kinde
App infrastructure as a service.
Kinde Docs
Using Kinde without an SDK - Developer tools - Help center
Our developer tools provide everything you need to get started with Kinde.
7 Replies
onderay
onderayβ€’12mo ago
Sorry to see that you hit a snag with getting Kinde working. I will get a more experienced team member to help with this, but this is my inital thoughts on what might be happen. One thing that stands out is that you're sending the parameters in the URL of your POST request. For the token request, these parameters should be sent in the body of the request, not the URL. Here's an example of how your request should look like: POST /oauth2/token HTTP/1.1 Host: novade.kinde.com Content-Type: application/x-www-form-urlencoded grant_type=authorization_code& client_id=279d4ec6490d402b817c4d7aec122373& redirect_uri=https://lite-staging.novade.net/login-sso& code=XKRMtXK-SM4SorkGIZ2pJqycIXmY_EJfuEjk18yXBgU.jvdQuoUBYfJVk7Bm2JfW3S2KRu408iIlWzD2DrCBLLE& code_verifier=code_verifier
Eranga
ErangaOPβ€’12mo ago
Ah, I see. In your doc it rather seemed like a single URL Let me try this quick This is the cURL request for the same as you suggested
curl --location 'https://novade.kinde.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data '{
"grant_type": "authorization_code",
"client_id": "279d4ec6490d402b817c4d7aec122373",
"redirect_uri":"https://lite-staging.novade.net/login-sso",
"code":"XKRMtXK-SM4SorkGIZ2pJqycIXmY_EJfuEjk18yXBgU.jvdQuoUBYfJVk7Bm2JfW3S2KRu408iIlWzD2DrCBLLE",
"code_verifier":"code_verifier"
}'
curl --location 'https://novade.kinde.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data '{
"grant_type": "authorization_code",
"client_id": "279d4ec6490d402b817c4d7aec122373",
"redirect_uri":"https://lite-staging.novade.net/login-sso",
"code":"XKRMtXK-SM4SorkGIZ2pJqycIXmY_EJfuEjk18yXBgU.jvdQuoUBYfJVk7Bm2JfW3S2KRu408iIlWzD2DrCBLLE",
"code_verifier":"code_verifier"
}'
Now it says me: {"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Request parameter 'grant_type' is missing"} But I am sending the grant_type Can I also know if I send an invalid code_verifier value, will it still throw me 400 status code? My bad, I didn't send it as a form. Not I am getting some meaningful errors πŸ˜„ @Andre @ Kinde Thanks, now it works
onderay
onderayβ€’12mo ago
Great to hear that its working now @Eranga ! 1. No other errors? 2. What would you of improved in our docs?
Eranga
ErangaOPβ€’12mo ago
@Andre @ Kinde Sorry for the late reply. I had other errors but they were actually issues on my end since this was my first time trying out SSO. To be honest, I was in a hurry to implement SSO using Kinde because I did it for a hackathon in my company. So I had like 1 day for doing everything. I guess you guys are doing a great job in terms of making SSO pretty smooth for developers like us
Eranga
ErangaOPβ€’12mo ago
So to answer your 2nd question, I believe I was a bit mislead by https://kinde.com/docs/developer-tools/using-kinde-without-an-sdk/#handling-the-callback request description. Maybe it is me, but I felt like I should have made a POST request with every parameter set as query parameters.
Kinde Docs
Using Kinde without an SDK - Developer tools - Help center
Our developer tools provide everything you need to get started with Kinde.
Eranga
ErangaOPβ€’12mo ago
I would recommend adding proper API request documentation there so there is no ambiguity there Not related to your docs, but as a feature request I believe it will be very nice if we can integrate the SSO in our own UI without redirecting to your UI (I know you guys have already thought about it and working on it). This was discussed in our hackathon and came as a feedback for me. The main reason was that we don't have control over what we can show in that UI. Another thing that was discussed is the recent incident with Okta (another player in Auth0 - you probably know them πŸ˜‰ ) where it got hacked and customer information was leaked. So, our company is very cautious about using 3rd party providers when it comes to user data. This is something I believe every company guarantees to its customers but there is going to be unfortunate events like that happening everyday. I think you have this on your website but almost at the end of your site. Since you are all about authentication and authorisation which is about securing stuff, you might want to rank the security of the system a bit higher. Again, I am very happy with the support you provided throught my development. Good luck 🀞 Oh, and one other thing. I noticed that if I add "Microsoft AD" as an Enterprise Identity provider and if I am already logged in, I don't get a chance to select which account I need to log in from. I could have more than one Microsoft accounts. This could also be me being a novice to this IAM domain. So if this is already handled, just forget about this.
onderay
onderayβ€’12mo ago
A big thanks for all the feedback @Eranga , please keep it coming as we are always looking at ways to improve the product and docs.
Want results from more Discord servers?
Add your server