K
Kinde9mo ago
slugr

Authentication error

I set up a new Rails app using the ruby SDK and I'm getting Authentication error when trying to log in. I see that the user does get registered, but I can't log in for some reason. I get as far as entering confirmation code. I've triple checked my app config (which is more or less the default) and callback URLs and everything seems correct.
7 Replies
Oli - Kinde
Oli - Kinde9mo ago
Hi @bed sores, Sorry to hear you are experiencing this issue. Would you be willing to share a recording (or screenshot) of your issue? You can DM me this if you prefer. Also, if you are willing to do so, would you be willing to download the Ruby starter kit and see if you are experiencing the same issue?
GitHub
GitHub - kinde-starter-kits/ruby-starter-kit: Get up and going with...
Get up and going with Kinde using Ruby. Contribute to kinde-starter-kits/ruby-starter-kit development by creating an account on GitHub.
slugr
slugrOP9mo ago
@Oli - Kinde DM sent. i was basing mine off that starter kit example but will try and run it and let you know what happens. i get a different error when running the starter kit: {"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Redirect URL is using an insecure protocol, http is only allowed for hosts with suffix 'localhost', for example: http://myapp.localhost/."} could be that, for some reason, it's just hiding the error in my setup? will try and use localhost and see if that fixes it hm, nope. so just using localhost fixed the starter kit, but my app stil results in Authentication error. made a bit of progress, i think. 
                                                           HTTP/1.1 403 Forbidden
18:27:40 web.1  | Date: Mon, 11 Mar 2024 01:27:40 GMT
18:27:40 web.1  | Content-Length: 0
18:27:40 web.1  | Connection: keep-alive
18:27:40 web.1  | Vary: Origin
18:27:40 web.1  |
18:27:40 web.1  | Connection #0 to host app.kinde.com left intact
18:27:40 web.1  | ETHON: performed EASY effective_url=https://app.kinde.com/oauth2/user_profile response_code=403 return_code=ok total_time=0.608534
18:27:40 web.1  | HTTP response body ~BEGIN~
18:27:40 web.1  |
18:27:40 web.1  | ~END~
18:27:40 web.1  |
18:27:40 web.1  | Completed 500 Internal Server Error in 894ms (ActiveRecord: 0.0ms | Allocations: 6960)
                                                           HTTP/1.1 403 Forbidden
18:27:40 web.1  | Date: Mon, 11 Mar 2024 01:27:40 GMT
18:27:40 web.1  | Content-Length: 0
18:27:40 web.1  | Connection: keep-alive
18:27:40 web.1  | Vary: Origin
18:27:40 web.1  |
18:27:40 web.1  | Connection #0 to host app.kinde.com left intact
18:27:40 web.1  | ETHON: performed EASY effective_url=https://app.kinde.com/oauth2/user_profile response_code=403 return_code=ok total_time=0.608534
18:27:40 web.1  | HTTP response body ~BEGIN~
18:27:40 web.1  |
18:27:40 web.1  | ~END~
18:27:40 web.1  |
18:27:40 web.1  | Completed 500 Internal Server Error in 894ms (ActiveRecord: 0.0ms | Allocations: 6960)
this is seemingly coming from KindeSdk.client(session[:kinde_auth]).oauth.get_user.to_hash in the after login callback 
class AuthController < ApplicationController
  def login
    auth = KindeSdk.auth_url
    session[:code_verifier] = auth[:code_verifier]

    redirect_to auth[:url], allow_other_host: true
  end

  def after_login
    session[:kinde_auth] =
      KindeSdk
      .fetch_tokens(params['code'], code_verifier: session[:code_verifier])
      .slice(:access_token, :refresh_token, :expires_at)

    session[:kinde_user] = KindeSdk.client(session[:kinde_auth]).oauth.get_user.to_hash

    redirect_to root_path
  end

  def logout
    redirect_to KindeSdk.logout_url, allow_other_host: true
  end

  def after_logout
    reset_session

    redirect_to root_path
  end
end
class AuthController < ApplicationController
  def login
    auth = KindeSdk.auth_url
    session[:code_verifier] = auth[:code_verifier]

    redirect_to auth[:url], allow_other_host: true
  end

  def after_login
    session[:kinde_auth] =
      KindeSdk
      .fetch_tokens(params['code'], code_verifier: session[:code_verifier])
      .slice(:access_token, :refresh_token, :expires_at)

    session[:kinde_user] = KindeSdk.client(session[:kinde_auth]).oauth.get_user.to_hash

    redirect_to root_path
  end

  def logout
    redirect_to KindeSdk.logout_url, allow_other_host: true
  end

  def after_logout
    reset_session

    redirect_to root_path
  end
end
Oli - Kinde
Oli - Kinde9mo ago
Hey @bed sores, Thanks for all of this information. The 403 Forbidden error you're encountering when trying to fetch user information using KindeSdk.client(session[:kinde_auth]).oauth.get_user.to_hash suggests that there's an issue with the permissions or authentication of your request. This could be due to several reasons: 1. Invalid or Expired Access Token: Ensure that the access token you're using to make the request is valid and has not expired. The fetch_tokens method should provide you with a valid access token, but it's worth verifying that this token is correctly stored in session[:kinde_auth] and is being used properly in the request. 2. Insufficient Permissions: The access token must have the necessary permissions to access user information. Make sure that the scopes requested during the authentication process include permissions to access user profile data. By default, Kinde requests scopes like profile, email, offline, and openid. If you've customized the scopes, ensure that you're requesting the appropriate ones. 3. Configuration Issues: Double-check your Kinde SDK configuration to ensure that all required fields (such as domain, client_id, client_secret, callback_url, and logout_url) are correctly set up. Misconfiguration in any of these could lead to authentication issues. 4. Session Management: Verify that the session management in your Rails application is working as expected. Issues with session persistence or incorrect session data could lead to authentication errors. Given the code snippet you've shared, your implementation seems correct. However, you might want to add some error handling around the fetch_tokens and get_user calls to catch any issues and log them for further investigation. Please let me know if you are still experiencing issues.
slugr
slugrOP9mo ago
yeah sorry, still having the same issue. :/ not sure what to do about #1 if that were the issue. for #2, i'm asking for the default openid offline email profile, haven't customized it. #3, double checked and i'm setting everything. i'm def doing something wrong since the sdk example worked, i just don't know what actually logging in works, it's the KindeSdk.client().oauth.get_user that doesn't
Oli - Kinde
Oli - Kinde9mo ago
Hey @bed sores, We had a few customers reporting 403 errors and we just deployed a fix. Are you able to try again and see if you are still experiencing 403 errors?
slugr
slugrOP9mo ago
sweet, works now. thanks!
Oli - Kinde
Oli - Kinde9mo ago
Awesome great to hear. Please reach out if you come across any other issues.
Want results from more Discord servers?
Add your server