NextJS Kinde Management API troubles
Hello,
I have a nextjs project using the @kinde-oss/kinde-auth-nextjs package and I am having trouble using the management api.
I followed the docs by adding the credentials to env file and enabled the management api for the project doing the following: Navigate to Settings → APIs → Kinde Management API → Applications and enable your Next.js app.
Then I implemented the following code to retrieve a Kinde user by its id:
The problem is that the response of getUserData() is always HTTP 403 and I don't know how to resolve this.
Can anyone help me with this?
Thank you,
Joël
10 Replies
Hey @CABZZ - a few things you could check is:
1. your .env file is pointing at the correct app, includes all the necessary credentials / URLs
2. are you using custom domain?
3. the value of KINDE_AUDIENCE - matches the one that is in your settings
4. Is
createKindeManagementAPIClient
returning what you'd expect?
5. I believe there was a bug with createKindeManagementAPIClient
but it was 6 months back - have you updated your app since?
Thanks!@viv (kinde)
1. .env file contains the following props: KINDE_CLIENT_ID, KINDE_CLIENT_SECRET, KINDE_ISSUER_URL, KINDE_POST_LOGIN_REDIRECT_URL, KINDE_POST_LOGOUT_REDIRECT_URL, KINDE_SITE_URL
2. Yes.
3. I am not familiar with KINDE_AUDIENCE. Is it in the docs?
4. createKindeManagementAPIClient is returning what I expect but the getUsersData isn't
5. I use the latest version of the package 2.2.3
On num 2.- so with the mgmt api, you should also send across Kinde audience: https://kinde.com/docs/build/register-an-api/ - if you go to applications > {your app} > apis - you should see a value under
audience
(also the value of your key) which you've toggled on previously that would look something like {domain}/api
and send this across in the request body. As you're using custom domain, you'd also need to ensure that this is the kinde domain value ie https://domain.kinde.com/api
rather than {custom_domain}/api
. I just gave it a test and a missing audience gave me a 403 so that could be what you're encountering also. Please let me know if this helps resolve? Thanks!Kinde Docs
Register and manage APIs - Build on Kinde - Help center
Our developer tools provide everything you need to get started with Kinde.
@viv (kinde) I'm not sure I understand where to set the audience in the request.
Also, would it matter I do this in an endpoint? so there is no user authenticated.
Hi @CABZZ - would you be able to try sending it across in the request body when you are getting the access token (before you send the token across to an endpoint)?
Sorry for the confusion but would you be able to clarify a bit more about
Also, would it matter I do this in an endpoint? so there is no user authenticated.
? Thank you!@viv (kinde) alright so what I am trying to do is use a webhook from brevo, an external application. Brevo sends a request to my nextjs application api endpoint on /api/brevo/webhook/[id].
When handling this request I need to look up some information from a Kinde user, this is why I wanted to use the management api, to get that information.
So I believe there is no place where I am getting a access token. The code I have send in my original post is all I got related to Kinde.
I hope that clarifies my previous question.
Ahh gotcha, would you be able to share a little code from the
getUserData
function? There are a few options to get info about the Kinde user using the management api
- https://kinde.com/api/docs/#get-user (get user info by sending user id) - client credentials flow
- https://kinde.com/api/docs/#get-user-profile (Contains the id, names and email of the currently logged in user.) - auth code w/PKCE flow
Both of these would require you to get the access token first, then send the request across to that endpoint to retrieve information. Otherwise, with that package, you should also be able to use getIdToken
to get the id token & read that for more info about the user. Would these methods resolve your issue? Thanks!The getUserData function is a function from the @kinde-oss/kinde-auth-nextjs package, its not my own. It's Kinde code...
And no these methods would not resolve the issue
@viv (kinde) 😄
Hi @CABZZ , hope you're good?
I have an alternative approach for you, we have just deployed a new dedicated management SDK which is aimed to streamline the usage of the API and make things simpler when it comes to handling tokens.
This SDK will manage the M2M access token for you so you don't have to worry about it at all, plus has a simpler interface.
https://github.com/kinde-oss/management-api-js
GitHub
GitHub - kinde-oss/management-api-js: javascript package for intera...
javascript package for interacting with the Kinde Management API - kinde-oss/management-api-js
Ah cool, ill check it out when i have the time. The feature I was working on was cancelled so dont need it anymore really 😅