Kinde Webhook
Dear Kinde Support Team,
We are encountering a persistent issue with webhook requests sent to our endpoint "https://{*******}.convex.site/kinde-webhook". Our logs indicate that the Authorization header is consistently missing from the incoming requests, and we are unable to authenticate and process these requests as expected.
Additionally, we've faced repeated issues with JSON parsing errors, specifically an "Unexpected token 'e'" error, suggesting that the payload might be incorrectly formatted or encoded. Here is an example of the error message from our logs:
- Error parsing JSON: [SyntaxError: Unexpected token 'e', "eyJhbGciOi"... is not valid JSON]
Here are the headers received with one such problematic request:
- Host: {**}.convex.site
- User-Agent: Go-http-client/2.0
- Content-Length: 774
- Accept-Encoding: gzip
- Content-Type: application/json
- Webhook-ID: 80a74830**
- Webhook-Timestamp: 1715521568
- X-Forwarded-For: *
- X-Forwarded-Host: {}.convex.site
- X-Forwarded-Proto: http
- Convex-Request-ID: **
Despite multiple attempts to rectify this issue by checking our configuration and validating incoming data formats, the problem persists. We expected the JWT to be included in the Authorization header formatted as Bearer <token>. This missing header is crucial for our authentication process.
Could you please investigate on your end why the Authorization header is not included as expected, and why we might be receiving malformed JSON payloads? Any insights or corrections from your side would be greatly appreciated to ensure reliable communication between our systems.
Thank you for your attention to this matter.
6 Replies
Hi, Kinde webhooks are not sent as JSON payloads; they are sent as JWT tokens. These tokens are signed and can be validated using the JWKS key to confirm that the payload you are receiving is from Kinde and untampered.
You can use our packages to help here
https://github.com/kinde-oss/jwt-decoder
https://github.com/kinde-oss/jwt-validator
Thank you!
Hi, I ran into the same issue following the Kinde blog post:
https://kinde.com/blog/engineering/kinde-with-convex-webhooks-to-realtime-data/
The blog post has code that suggests the JWT arrives in the webhook as part of the Authorization header:
const authHeader = request.headers.get("Authorization");
const jwt = authHeader.split(" ")[1]; // Assuming the header format is "Bearer <jwt>"
but in fact it is arriving in the payload.
Is the blog out of date, or am I following the wrong documentation?
Hi,
This is a mistake in the documentation, I will get it updated. The token comes as the payload, not in the header.
Sorry for the confusion
Thank you. I appreciate your response. I understand webhooks are in beta and fairly new to Kinde.
As constructive feedback, I thought I'd share that I have been migrating from clerkjs and was looking for similar onboarding documentation that clerkjs had to get a basic user creation into my convex db. After a week of playing with this I just today ran across Kinde's jwt verify and decode utility functions that I think will get me through. Thanks.
Thanks for this. We are looking to tie up these utility functions to webhooks with types tighter in the near future.
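The replies above say the webhook body itself is a signed JWT that should be validated against the issuer's JWKS, which is why JSON.parse fails on a body starting with "eyJ". The following is an added example, not Kinde's code and not code from the blog post or this thread: a sketch that verifies such a body with Node's built-in crypto. The RS256 algorithm, the `kid` lookup, the claim names and the throwaway key pair are assumptions or constructed for the demo.

```javascript
// Added example: verify a webhook body that is a compact, signed JWT.
const nodeCrypto = require("node:crypto");

const b64urlJson = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

// rawBody: the request body as text, not parsed as JSON.
// jwks: { keys: [...] } as published by the issuer.
// Assumption of this sketch: tokens are RS256 and carry a `kid` header.
function verifyWebhookJwt(rawBody, jwks) {
  const parts = rawBody.trim().split(".");
  if (parts.length !== 3) throw new Error("body is not a compact JWT");
  const [h, p, s] = parts;
  const header = b64urlJson(h);
  // Pin the algorithm; never let the token select "none" or an HMAC algorithm.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === "RSA");
  if (!jwk) throw new Error("no JWKS key for kid");
  const { kty, n, e } = jwk;
  const key = nodeCrypto.createPublicKey({ key: { kty, n, e }, format: "jwk" });
  const signed = Buffer.from(`${h}.${p}`);
  const ok = nodeCrypto.verify("RSA-SHA256", signed, key, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  return b64urlJson(p); // read claims only after the signature checks out
}

// Constructed fixture: throwaway key pair and token, not real Kinde data.
function makeFixture() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: "jwk" }), kid: "demo-key" }] };
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const head = enc({ alg: "RS256", typ: "JWT", kid: "demo-key" });
  const body = enc({ event: "example.event", sub: "demo-user" }); // constructed claims
  const sig = nodeCrypto.sign("RSA-SHA256", Buffer.from(`${head}.${body}`), privateKey);
  return { jwks, token: `${head}.${body}.${sig.toString("base64url")}` };
}

// Returns the verified event name, or the rejection reason as a string.
function outcome(rawBody, jwks) {
  try {
    return verifyWebhookJwt(rawBody, jwks).event;
  } catch (err) {
    return err.message;
  }
}
```

In a real handler the key set would come from the issuer's published JWKS and the body from reading the request as text rather than JSON.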