K
Kinde•11mo ago
jonericcook

Offline Usage of Kinde Auth

Hello, I will have a web app (react or nextjs) and a mobile app (ios and maybe later android). All the apps (mobile and web) will use Kinde auth and Kinde billing (when it released). I plan to have the user sign up on the web app and start a subscription (i dont want to deal with In-App Purchases in the apple app store). Once everything is done (user is signed up and they have an active subscription) I want them to be able to use their mobile app offline. I found this https://kinde.com/docs/authentication-and-access/user-auth-applications/#offline-scopes-and-refresh-tokens but wanted to come here and confirm my desired behavior is possible. Essentially, I want to allow the user to use the app offline for a set amount of time (maybe 5-7 days) and after that time I will force them to get an internet connection and re-authenticate. If in that window of time they canceled their subscription I want to block them from using the app.
Kinde Docs
Manage authentication across multiple applications - Authentication...
Our developer tools provide everything you need to get started with Kinde.
3 Replies
onderay
onderay•11mo ago
👋 @jonericcook Yes, your desired behavior is possible with Kinde. For offline access, you can use the offline scope in your authentication request. This will provide you with a refresh token that can be used to maintain long-running sessions. This works both in back-end apps and in web apps. Here's an example of how to get a refresh token:
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" \
-d "response_type=code&client_id=your_client_id&redirect_uri=your_redirect_uri&scope=offline%20email%20openid%20profile&grant_type=authorization_code" \
https://<yoursubdomain>.kinde.com/oauth2/auth
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" \
-d "response_type=code&client_id=your_client_id&redirect_uri=your_redirect_uri&scope=offline%20email%20openid%20profile&grant_type=authorization_code" \
https://<yoursubdomain>.kinde.com/oauth2/auth
You can set the refresh token's lifetime to your desired offline period (5-7 days). After this period, the user will need to re-authenticate. Once we Billing out, you will be able to check in the token if they still have access.
jonericcook
jonericcookOP•11mo ago
@Andre @ Kinde "This works both in back-end apps and in web apps." does this also mean it works in mobile apps?
onderay
onderay•11mo ago
Correct
Want results from more Discord servers?
Add your server