Next.js with separate backend - which SDK to use?
Let's say I have a Next.js application (both client-side + server-side), but then also a separate Express server. What is the recommended way to add auth to the whole setup with Kinde?
4 Replies
Yeah but there are still use cases for having a separate server
Use Next.js for user-facing authentication, and send requests as an authenticated user with the raw access token as a bearer token to your backend (getAccessTokenRaw from the Kinde server session, or from the browser client hook). Then, on your server, simply verify the token using Kinde's JWKS URL. You can use your own simple middleware to do this (use a library like jose for Node). I believe Kinde has examples on this. I am currently doing this using Golang instead of Node for the backend and it works great.
Yeah this makes sense I think. Are you using the audience claim?
I verify the audience, signing algorithm (RS256) and issuer claims. You could even take it a step further and include non-standard claims, as Kinde also sends along permissions in the access token (and more parameters if configured in the application's token settings). This is useful for restricting certain API routes to users who, for example, have an admin role or are in a specific organisation. Though if you only need simple protection, there's a jwtVerify function middleware in their Express SDK which protects routes and provides a user ID in the request. https://kinde.com/docs/developer-tools/express-sdk/#verify-jwt