ext_provider claim not present in some cases
(Related to https://discord.com/channels/1070212618549219328/1248094123500769413)
There are instances where the
ext_provider claim is not provided in the ID token.
The ext_provider claim isn't returned if the user had already signed in previously and is still considered logged in from Kinde's perspective.
So, for example:
- I click the "Sign In" button on my website
- I'm directed to Kinde.
- I choose to login with Facebook.
- I'm successfully logged in, and ext_provider claim is available in the ID Token.
- If, however, I clear my cookies on my site, my user would appear as not logged in.
- I would then click the "Sign In" button on my website
- I would be directed to Kinde and Kinde would see I was logged in (because Kinde's cookies still exist)
- I would be redirected to my site and successfully logged in, however this time there is no ext_provider claim.
This is a problem because I need to know who authenticated the user (Google, Facebook, etc.) so I can indicate what the user account type is in our system.6 Replies
This is interesting, can I get the team to check into this start of next week and come back to you on it?
I'm having a similar issue. But for me it happens when you're logged in and you have been away for a bit. When you come back and refresh or something you appear logged out. And you can't log in again until you specifically go to the logout endpoint and then try to log in again.
Thank Daniel. Also, FYI, I updated the content of my post to read a bit easier. Hopefully this helps.
@ryno1234. @Laakso the
ex_provider is being dropped with the most recent login - if a user is already authenticated, we don't reissue the claim because it's been delivered previously - you could potentially implement session management and store that info. The team will look into improving how we handle this on our side.Thank you for the response. That makes a lot of sense. I'll look into that further soon. I should already have my own session management implemented, but if I do, then it's something wrong on my side.
Thanks @Andre @ Kinde