Kinde SDK offline PWA
Is there a web sdk y’all offer that would be best for an offline first PWA?
12 Replies
Hey @jonericcook,
What language/frameworks are you using in your PWA?
@Oli - Kinde JavaScript via nextjs, react or svelte
I haven’t chosen the framework yet - you guys are going to be a some what large piece of my app - I’ll be using your user auth and stripe integration for user subscriptions
Hi @jonericcook,
In that case, I would recommend using our NextJS SDK for your PWA. The SDK provides support for integrating authentication and authorization features into NextJS applications, which can be beneficial for PWAs built with NextJS.
NextJS SDK is also our most popular SDK.
You can find more details about our NextJS SDK in the following link: https://docs.kinde.com/developer-tools/sdks/backend/nextjs-sdk/
Let me know if you have any other questions.
Kinde docs
NextJS App Router SDK
Our developer tools provide everything you need to get started with Kinde.
Would nextjs still work if I want to do a SPA and treat you guys as my backend?
I’m thinking about using sveltkit and using its SPA https://kit.svelte.dev/docs/single-page-apps ability. Would I then just need to use your typescript SDK?
SvelteKit docs
Single-page apps • SvelteKit documentation
Hey @jonericcook,
Yes, you can use Next.js to build a Single Page Application (SPA) and use Kinde as your backend for authentication and other services. For integrating with SvelteKit and its SPA capabilities, you can indeed use the Kinde TypeScript SDK, but it would be more appropriate to use our SvelteKit SDK specifically designed for SvelteKit applications.
The Kinde SvelteKit SDK is fully compatible with SvelteKit's SPA mode and provides easy integration for authentication and session management.
Let me know if you have any further questions.
@Oli - Kinde I was reading your react sdk docs https://docs.kinde.com/developer-tools/sdks/frontend/react-sdk/#call-your-api and was wondering if it's possible to have a react app (so frontend only) and then have you guys as my backend (for the bulk of my app all the logic is done locally and not on a server)? The app i want to make only has the following logic: a user signup and signout, recurring billing (going to use what you will offer soon) and video editing related functionality. I want to make it an offline first PWA. Obviously if the user wants to signup and input their credit card they will need to be online but the video editing logic can be used while offline. The idea of using react on the front end, you guys on the backend and storing a JWT that will expire in 24 hours https://docs.kinde.com/developer-tools/sdks/frontend/react-sdk/#token-storage-in-the-authentication-state in an httpOnly cookie at my custom domain seems like a good idea? I do want to protect against the user being able to signup for an account, inputing their credit card, paying for a month of service, when the month end nears they cancel the subscription but since they have the PWA installed they are able to still use it even if they havent paid. I am curious if the JWT that will expire in 24 hours will protect against this. I thought about the concept of you guys providing a JWT that is signed and then my react front end app has the public key to verify the jwt.
but i guess nothing is stopping the user from finding the public key in my codebase and changing it to their own and signing their own jwt
Hey @jonericcook,
I will get a member of my team to respond to your query here
I learned about a limitation with browsers that is now forcing me into a react native app and electronjs app
Hi, thanks for reaching out - the 24 hour expiration on the JWT should mitigate the issue with users continuing to use the PWA after they've cancelled the subscription - after the JWT has expired, and the user is required to re-auth, their subscription status can be re-checked. You could also consider webhooks - listen for any changes in user subscriptions and action how you'd like. Are you able to send the JWT to your backend server to verify to prevent users from tampering with it - then fetch it from a secure endpoint as needed?
Thank you for the information. I was hoping to my app infrastructure be as simple as possible. I was hoping to only have you guys as my backend and since all the main app logic revolves around video stuff that can be done locally. Do you guys offer the JWT functionality you mentioned?
We should have it in our backend SDKs - otherwise, you could also take a look here at verifying JWTs without an SDK https://docs.kinde.com/build/tokens/verifying-json-web-tokens/ - let me know if this helps? Thanks!
Kinde docs
Verifying JSON Web Tokens
Our developer tools provide everything you need to get started with Kinde.