Help Needed: Authentication strategy for authenticating access to a backend express API from NextJs
Currently we are doing this in a very scuffed way by copying the authentication token from the kinde-token cookie to another cookie that is accessible via any of our subdomains.
Does anyone have any suggestions on how we can make this work in a less scuffed way?
We are also having issues with tokens refreshing. I am finding a lot of JWT expired errors while devving and am required to re-sign in rather than the token automatically refreshing after x minutes.
tbh the best would be if we could have all of the functionality of kinde including the token refreshing, but edit the domain that the cookie gets set onto.
I used to be able to do this with next-auth.js, setting the token's domain to *.my.domain
but I have not been able to find this option in kinde...have been using jwksClient and kinde's jwks endpoint to verify jwts so far, and I'm like 80% sure that if the cookie was just set to the correct domain i would have a lot less problems
Kinde Docs
About Kinde authentication - Authentication and access - Help center
Our developer tools provide everything you need to get started with Kinde.
cha cha domain needs to be .edubeyond.dev
😭Pls
Hey @alex,
Seems like we need to provide more information here (https://kinde.com/docs/authentication-and-access/#multi-domain-authentication) on how to use Multi-domain authentication.
Are you able to confirm the following for me:
1. What Kinde SDK and version are you using?
2. You are wanting to use multi-domain authentication where the primary domain is the same, but there are different subdomains?
Also, how did you provide a hyperlink on the text here?: https://discord.com/channels/1070212618549219328/1180749281284608060/1180750431568273470
I am trying to figure this out for ages.
The SDK and version we are using is
yeah multi domain has no information on its docs page or anywhere else
Hey @alex,
Thanks for explaining how to send links. I will definitely use this again.
What version of the NextJS framework are you using? And are you using App Router or Pages Router?
You are wanting to use multi-domain authentication where the primary domain is the same, but there are different subdomains?
Also can you confirm you are wanting multi-subdomain authentication?
1. Nextjs 13 with Pages Router (old project; can't migrate)
2. www.edubeyond.dev or edubeyond.dev -> api.edubeyond.dev
Also can you confirm you are wanting multi-subdomain authentication? yes
this
Okay let me get back to you about multiple-subdomain authentication.
In the meantime, I would highly recommend updating to using the latest Kinde NextJS SDK v2.0.10.
Here is a guide on NextJS Pages Router SDK v2
Kinde NextJS v2 has some major updates and features that v1 doesn't have.
Kinde Docs
NextJS Pages Router SDK v2 - Developer tools - Help center
👍 will upgrade now...
Btw - because you guys are australia based, should I expect not to receive any updates after 5pm your time?
I am a PST customer haha
Hi @alex,
Most of us are based in Australia, but we have people in US and Europe so we can cover support across all timezones. We have customers all over the world and we want to make sure we can support our customers (including you) no matter where you are based.
wonderful
thanks so much
Pleasure, we are here to help, no matter where you are.
huh the new version of next auth sdk may not be compatible with the way that I handle auth currently. I will need to read the code to figure it out
Let us know if you need help understanding if the new version of the NextJS SDK is or isn't compatible with your current application.
just moved exports to different positions
everything should be working correctly I just need to figure out how to put that cookie on a different domain
also @Oli - Kinde do you know about any problems with tokens not refreshing?
I am not aware of any issues with tokens not refreshing. What issues are you experiencing?
We were aware of issues with token refreshes on old versions of the NextJS SDK but these should be solved with the latest version of the NextJS SDK v2.0.10
im not sure if its my code but sometimes after about an hour I start getting JWT expired errors
even though I should be re-setting a live version of the kinde token on every request
That is odd. If you can give information when this issue occurs, we would be able to troubleshoot further.
aw crap you guys changed the cookie names
might have to rewrite some stuff 😭
Apologies, the NextJS v2 does have some breaking changes, but I can assure you the v2 is a big upgrade and is worth the effort.
I would also suggest clearing your cache and restarting your servers once you have migrated to v2
thanks. Please lmk when you find information on multi domain auth
OK i've decided that I will not be upgrading until I find out how to do multi-domain with kinde's next-auth SDK @ v2
with our current setup it is unfavourable to do a rewrite until after we get multi domain working.
Okay I will get back to you with more information on multi-subdomain authentication with NextJS SDK
Hi are there any updates with multiple subdomains?
Hi @alex,
My NextJS expert team mate is still looking into this.
I will give you an update tomorrow.
Hey Alex,
It is taking longer than expected to figure out how to solve your use-case.
Bear with us though, we are destined to give you some accurate advice on how to solve your use-case
i was looking into using Kinde APIs, but I'm not sure how to add an api scope via the nextjs sdk
If you can wait, I would suggest waiting to hear back from us on the best way to achieve your use-case.
alright
Apologies for the wait @alex
its all good
Bump
Hey @alex,
We are still investigating the best approach for achieving multi-subdomain authentication on NextJS using Kinde. My NextJS teammate is still actively working on this and he's making progress.
I will get back to you once I have more information.
ok
Hey @alex,
Thank you so so much for your patience.
We had to make an update to the NextJS SDK to allow multi-domain authentication on NextJS apps with Kinde.
You can access the beta version at
@kinde-oss/[email protected]
Now in the .env file they can set KINDE_COOKIE_DOMAIN=yourdomain.com to have the cookies be applied to all subdomains
So the cookies should persist over app.yourdomain.com, test.yourdomain.com (basically *.yourdomain.com)
This is a beta release, so please give us any feedback on this release.
Once we have confirmed this release is stable (with your help) we will publish this release and update the NextJS SDK docs.
Please reach out if you have any questions, and once again thanks for your patience.
damn thanks oli
I'll update my application to support this when I get the chance.
hi @Oli - Kinde , does this fix exist now in @2.1.13?
Hi @alex,
Yes this fix should be in v2.1.13
Let me know if you have any issues.
Thanks
yep, it works just fine in the latest version too
thanks a lot!
My pleasure!
hi @Oli - Kinde , I was just wondering about the security implications of browser cookies that don't use HTTPONLY and SECURE flags, as Kinde appears not to set those. There is also no SAMESITE policy. From my very limited understanding, these flags are supposed to be important regarding security, but I'm not exactly certain about any of this. If you could clarify, that would be great.
Hey @alex,
Great question, let me get back to you on this.
Hey @alex,
Most of our SDKs have cookies set with HTTPONLY, SECURE & SAMESITE. However the NextJS SDK doesn't have this but we are working on getting the NextJS SDK cookies to be set with HTTPONLY, SECURE & SAMESITE.
Thanks for pointing this out.
👍 hopefully that comes soon because EduBeyond is deploying to a load of customers in the coming weeks. Please keep me updated so that I can bring our version of Kinde to the latest version once you guys are finished with that.
I will keep you in the loop
thanks
Hi @alex , just to let you know that we have released an update to the NextJS SDK, version 2.1.14. This updates the cookie settings.
Have a great weekend!
you too!
Hi need help accessing token using typescript sdk after successful registration and login
Hi @kwabena,
Are you able to explain more about what you are trying to do with the Typescript SDK so I can help you further?