K
Kinde12mo ago
internetjohnny

Generating Access Tokens

I'm using the Kinde Management API. I've run into an issue where the Bearer Token (access token) I've generated in Postman expires after 24 hours. I understand that I can solve this by generating a new one for each API request that I want to perform, but I cannot figure out how to do so. The documentation (https://kinde.com/docs/build/get-access-token-for-connecting-securely-to-kindes-api/) for generating one through Postman is really thorough, but the NodeJS one isn't that much. Could you guys expand on the existing Node.js fetch example documentation? What should I do with the response in order to get the access token?
No description
9 Replies
internetjohnny
internetjohnnyOP12mo ago
Solved this way, if anyone else struggles with this issue: 
export async function getAccessToken() {
    const issuerURL = process.env.KINDE_ISSUER_URL;
    const clientID = process.env.KINDE_CLIENT_ID;
    const clientSecret = process.env.KINDE_CLIENT_SECRET;
   
    if (!issuerURL) {
      throw new Error('KINDE_ISSUER_URL is not defined');
    } else if (!clientID) {
      throw new Error('KINDE_CLIENT_ID is not defined');
    } else if (!clientSecret) {
      throw new Error('KINDE_CLIENT_SECRET is not defined');
    }
   
    const headers: Record<string, string> = {
        'Content-Type': 'application/x-www-form-urlencoded',
    };
    const authHeader = `Basic ${Buffer.from(
        `${clientID}:${clientSecret}`
    ).toString('base64')}`;
    headers['Authorization'] = authHeader;

    const requestBody = new URLSearchParams();
    requestBody.append('grant_type', 'client_credentials');

    fetch(`${issuerURL}/oauth2/token`, {
        method: 'POST',
        headers: headers,
        body: requestBody,
    })
        .then((response) => response.json())
        .then((data) => {
            // Access token obtained successfully
            const accessToken = data.access_token;
            console.log('Access Token:', accessToken);
        })
        .catch((error) => {
            console.error('Error:', error.message);
        });
}
export async function getAccessToken() {
    const issuerURL = process.env.KINDE_ISSUER_URL;
    const clientID = process.env.KINDE_CLIENT_ID;
    const clientSecret = process.env.KINDE_CLIENT_SECRET;
   
    if (!issuerURL) {
      throw new Error('KINDE_ISSUER_URL is not defined');
    } else if (!clientID) {
      throw new Error('KINDE_CLIENT_ID is not defined');
    } else if (!clientSecret) {
      throw new Error('KINDE_CLIENT_SECRET is not defined');
    }
   
    const headers: Record<string, string> = {
        'Content-Type': 'application/x-www-form-urlencoded',
    };
    const authHeader = `Basic ${Buffer.from(
        `${clientID}:${clientSecret}`
    ).toString('base64')}`;
    headers['Authorization'] = authHeader;

    const requestBody = new URLSearchParams();
    requestBody.append('grant_type', 'client_credentials');

    fetch(`${issuerURL}/oauth2/token`, {
        method: 'POST',
        headers: headers,
        body: requestBody,
    })
        .then((response) => response.json())
        .then((data) => {
            // Access token obtained successfully
            const accessToken = data.access_token;
            console.log('Access Token:', accessToken);
        })
        .catch((error) => {
            console.error('Error:', error.message);
        });
}
ev_kinde
ev_kinde12mo ago
The access tokens generated via the client credentials are machine-to-machine tokens and won’t include the user subject. I’m not sure what you are after, but include the user part as well. For API authorization on user’s behalf, you’d need to register and enable the API in Kinde UI, then request the API’s audience as one of the auth parameters. This will include the API audience into the user token, which you can validate in you APIs.
ev_kinde
ev_kinde12mo ago
For the long-running user sessions, you could use refresh tokens with the offline scope. https://kinde.com/docs/developer-tools/refresh-tokens/
Kinde Docs
Refresh tokens - Developer tools - Help center
Our developer tools provide everything you need to get started with Kinde.
internetjohnny
internetjohnnyOP12mo ago
I'm simply trying to provision a user using the Kinde Management API. I would prefer to use the Kinde hosted UI to let a user create their account, but my specific use-case requires me to also create a user in my own database. And since Kinde Event Hooks is not accessible yet, I have to do it through the Management API. Would be great if there was some sort of abstraction on top of the Access Tokens, because all this is so confusing and complicated... Is there any ETA for Event Hooks being in Beta?
onderay
onderay12mo ago
We have a pre beta setup that connects with Zapier. Would you be open to using that? Event Hooks will be mid to late Q1 2024
internetjohnny
internetjohnnyOP12mo ago
Yeah, would love to try it out!
Oli - Kinde
Oli - Kinde12mo ago
Hey @internetjohnny, You can add the Kinde Zapier app (currently invite only) to your Zapier account using the following url: https://zapier.com/developer/public-invite/184402/d344c8c1953343fed6b6f36df02e733d/ Also have a read of the following related doc: Zapier App - Event Hooks (Beta)
Kinde on Notion
Zapier App - Event Hooks (Beta) | Built with Notion
Connect Zapier to Kinde
internetjohnny
internetjohnnyOP12mo ago
Thank you!
Oli - Kinde
Oli - Kinde12mo ago
Pleasure. As this feature is in beta, please don't hesitate to reach out with any feedback you have (the good, the bad, the ugly).
Want results from more Discord servers?
Add your server