K
Kinde13mo ago
alex

Help Needed: Authentication strategy for authenticating access to a backend express API from NextJs

Currently we are doing this in a very scuffed way by copying the authentication token from the kinde-token cookie to another cookie that is accessible via any of our subdomains. Does anyone have any suggestions on how we can make this work in a less scuffed way? We are also having issues with tokens refreshing. I am finding a lot of JWT expired errors while devving and am required to re-sign in rather than the token automatically refreshing after x minutes.
No description
57 Replies
alex
alexOP13mo ago
tbh the best would be if we could have all of the functionality of kinde including the token refreshing, but edit the domain that the cookie gets set onto. I used to be able to do this with next-auth.js, setting the token's domain to *.my.domain but I have not been able to find this option in kinde...
alex
alexOP13mo ago
have been using jwksClient and kinde's jwks endpoint to verify jwts so far, and I'm like 80% sure that if the cookie was just set to the correct domain i would have a lot less problems
No description
alex
alexOP13mo ago
was able to locate this but I can't figure out how to enable it HAHA
Kinde Docs
About Kinde authentication - Authentication and access - Help center
Our developer tools provide everything you need to get started with Kinde.
alex
alexOP13mo ago
cha cha domain needs to be .edubeyond.dev 😭
No description
alex
alexOP13mo ago
Pls
Oli - Kinde
Oli - Kinde13mo ago
Hey @alex, Seems like we need to provide more information here (https://kinde.com/docs/authentication-and-access/#multi-domain-authentication) on how to use Multi-domain authentication. Are you able to confirm the following for me: 1. What Kinde SDK and version are you using? 2. You are wanting to use multi-domain authentication where the primary domain is the same, but there are different subdomains? Also, how did you provide a hyperlink on the text here?: https://discord.com/channels/1070212618549219328/1180749281284608060/1180750431568273470 I am trying to figure this out for ages.
Kinde Docs
About Kinde authentication - Authentication and access - Help center
Our developer tools provide everything you need to get started with Kinde.
alex
alexOP13mo ago
markdown TLDR: [text you want to show](hyperlink you want text to go to)
Discord
Markdown Text 101 (Chat Formatting: Bold, Italic, Underline)
Want to inject some flavor into your everyday text chat? You're in luck! Discord uses Markdown, a simple plain text formatting system that'll help you make your sentences stand out. Here's how to d...
alex
alexOP13mo ago
The SDK and version we are using is
No description
alex
alexOP13mo ago
yeah multi domain has no information on its docs page or anywhere else
Oli - Kinde
Oli - Kinde13mo ago
Hey @alex, Thanks for explaining how to send links. I will definitely use this again. What version of the NextJS framework are you using? And are you using App Router or Pages Router?
You are wanting to use multi-domain authentication where the primary domain is the same, but there are different subdomains?
Also can you confirm you are wanting multi-subdomain authentication?
alex
alexOP13mo ago
1. Nextjs 13 with Pages Router (old project; can't migrate) 2. www.edubeyond.dev or edubeyond.dev -> api.edubeyond.dev
Also can you confirm you are wanting multi-subdomain authentication?
yes
alex
alexOP13mo ago
this
No description
Oli - Kinde
Oli - Kinde13mo ago
Okay let me get back to you about multiple-subdomain authentication.
Oli - Kinde
Oli - Kinde13mo ago
In the meantime, I would highly recommend updating to using the latest Kinde NextJS SDK v2.0.10. Here is a guide on NextJS Pages Router SDK v2 Kinde NextJS v2 has some major updates and features that v1 doesn't have.
Kinde Docs
NextJS Pages Router SDK v2 - Developer tools - Help center
Our developer tools provide everything you need to get started with Kinde.
alex
alexOP13mo ago
👍 will upgrade now... Btw - because you guys are australia based, should I expect not to receive any updates after 5pm your time? I am a PST customer haha
Oli - Kinde
Oli - Kinde13mo ago
Hi @alex, Most of us are based in Australia, but we have people in US and Europe so we can cover support across all timezones. We have customers all over the world and we want to make sure we can support our customers (including you) no matter where you are based.
alex
alexOP13mo ago
wonderful thanks so much
Oli - Kinde
Oli - Kinde13mo ago
Pleasure, we are here to help, no matter where you are.
alex
alexOP13mo ago
huh the new version of next auth sdk may not be compatible with the way that I handle auth currently. I will need to read the code to figure it out sigh
Oli - Kinde
Oli - Kinde13mo ago
Let us know if you need help understanding if the new version of the NextJS SDK is or isnt compatible with your current application.
alex
alexOP13mo ago
just moved exports to different positions everything should be working correctly I just need to figure out how to put that cookie on a different domain also @Oli - Kinde do you know about any problems with tokens not refreshing?
Oli - Kinde
Oli - Kinde13mo ago
I am not aware of any issues with tokens not refreshing. What issues are you experiencing? We were are of issues with token refreshes on old versions of the NextJS SDK but these should be solved with the latest version of the NextJS SDK v2.0.10
alex
alexOP13mo ago
im not sure if its my code but sometimes after about an hour I start getting JWT expired errors even though I should be re-setting a live version of the kinde token on every request
Oli - Kinde
Oli - Kinde13mo ago
That is odd. If you can give information when this issue occurs, we would be able to troubleshoot further.
alex
alexOP13mo ago
aw crap you guys changed the cookie names might have to rewrite some stuff 😭
Oli - Kinde
Oli - Kinde13mo ago
Apologies, the NextJS v2 does have some breaking changes, but I can assure you the v2 is a big upgrade and is worth the effort. I would also suggest clearing your cache and restrating your servers once you have migrated to v2
alex
alexOP13mo ago
thanks. Please lmk when you find information on multi domain auth OK i've decided that I will not be upgrading until I find out how to do multi-domain with kinde's next-auth SDK @ v2 with our current setup it is unfavourable to do a rewrite until after we get multi domain working.
Oli - Kinde
Oli - Kinde13mo ago
Okay I will get back to you with more information on multi-subdomain authentication with NextJS SDK
alex
alexOP13mo ago
Hi are there any updates with multiple subdomains?
Oli - Kinde
Oli - Kinde13mo ago
Hi @alex, My NextJS expert team mate is still looking into this. I will give you an update tomorrow.
alex
alexOP13mo ago
Please
Oli - Kinde
Oli - Kinde13mo ago
Hey Alex, It is taking longer than expected to figure out how to solve your use-case. Bear with us though, we are destined to give you some accurate advice on how to solve your use-case
alex
alexOP13mo ago
Thanks i was looking into using Kinde APIs, but I'm not sure how to add an api scope via the nextjs sdk
Oli - Kinde
Oli - Kinde13mo ago
If you can wait, I would suggesting waiting to hear back from us on the best way to achieve your use-case.
alex
alexOP13mo ago
alright
Oli - Kinde
Oli - Kinde13mo ago
Apologies for the wait @alex
alex
alexOP13mo ago
its all good Bump
Oli - Kinde
Oli - Kinde13mo ago
Hey @alex, We are still investigating the best approach for achieving multi-subdomain authentication on NextJS using Kinde. My NextJS teammate is still actively working on this and he's making progress. I will get back to you once I have more information.
alex
alexOP13mo ago
ok
Oli - Kinde
Oli - Kinde13mo ago
Hey @alex, Thank you so so much for your patience. We had to make an update to the NextJS SDK to allow multi-domain authentication on NextJS apps with Kinde. You can access the beta version at @kinde-oss/[email protected] Now in the .env file they can set KINDE_COOKIE_DOMAIN=yourdomain.com to have the cookies be applied to all subdomains So the cookies should persist over app.yourdomain.com, test.yourdomain.com (basically *.yourdomain.com) This is a beta release, so please give us any feedback on this release. Once we have confirmed this release is stable (with your help) we will publish this release and update the NextJS SDK docs. Please reach ouf if you have any questions, and once again thanks for your patience.
alex
alexOP11mo ago
damn thanks oli I'll update my application to support this when I get the chance. hi @Oli - Kinde , does this fix exist now in @2.1.13?
Oli - Kinde
Oli - Kinde11mo ago
Hi @alex, Yes this fix should be in v2.1.13 Let me know if you have any issues.
alex
alexOP11mo ago
Thanks yep, it works just fine in the latest version too thanks a lot!
Oli - Kinde
Oli - Kinde11mo ago
My pleasure!
alex
alexOP11mo ago
hi @Oli - Kinde , I was just wondering about how the security implications of browser cookies that don't use HTTPONLY and SECURE flags, as Kinde appears not to set those. There is also no SAMESITE policy. From my very limited understanding, these flags are supposed to be important regarding security, but I'm not exactly certain about any of this. If you could clarify, that would be great.
Oli - Kinde
Oli - Kinde11mo ago
Hey @alex, Great question, let me get back to you on this. Hey @alex, Most of our SDKs have cookies set with HTTPONLY, SECURE & SAMESITE. However the NextJS SDK doesnt have this but we are working on getting the NextJS SDK cookies to be set with HTTPONLY, SECURE & SAMESITE. Thanks for pointing this out.
alex
alexOP11mo ago
👍 hopefully that comes soon because EduBeyond is deploying to a load of customers in the coming weeks. Please keep me updated so that I can bring our version of Kinde to the latest version once you guys are finished with that.
Oli - Kinde
Oli - Kinde11mo ago
I will keep you in the loop
alex
alexOP11mo ago
rthanks
Daniel_Kinde
Daniel_Kinde11mo ago
Hi @alex , just to let you know that we have released an update to the NextJS SDK, version 2.1.14. This updates the cookie settings.
Daniel_Kinde
Daniel_Kinde11mo ago
Have a great weekend!
alex
alexOP11mo ago
you too!
kwabena
kwabena9mo ago
Hi need help accessing token using typescript sdk after succesful registration and login
Oli - Kinde
Oli - Kinde9mo ago
Hi @kwabena, Are you able to explain more about what you are trying to do with the Typescript SDK so I can help you further?
Want results from more Discord servers?
Add your server