ExpressJS Backend receiving API requests with bearer tokens
I am trying to create a backend API using expressJS that is authenticated via Kinde. I have tried both the express quick start and nodejs quick start. The nodejs quick start seems to provide more of what I think I need, partially because the expressjs quick start hangs and fails to serve any pages when adding to an existing product.
Where in the middleware for isAuthenticated should it be checking for the bearer token and validating it? I can't seem to find an example of that anywhere.
For testing, why doesn't expressJS allow re-authentication with the cookie saved after login? When the express server restarts I have to log in again despite having a redis session store with express-session.
FrontEnd: sveltekit using SDK from Kinde
Backend: expressjs using nodejs SDK
5 Replies
Hey @chrisogden.,
Thanks for reaching out.
Also thanks for elaborating on your setup and questions.
Before I dive into your questions, do you want to have your authentication logic in your backend? Or do you want to have your authentication logic in your frontend and pass the JWT to your backend?
I am asking this because we do have a SvelteKit SDK that is robust and comprehensive.
I would also suggest having a read of the following doc: https://docs.kinde.com/build/applications/authenticating-spa/?r=search#_top
Looking forward to hearing back from you!
Pass the JWT to the backend. I am using the sveltekit sdk. It sets cookies for just the subdomain it is on so it doesn’t automatically pass the cookie and you can’t access the cookie from sveltekit. The robustness of the sveltekit sdk is great. Would be nice if I could change the domain the cookie is set on. I tried copying the cookie in server hooks and layout.server, which does work but it 500s on logout.
From the api backend side (separate from sveltekit) I wrote custom logic to extract the auth header or cookie and it works, but it would be nice to see that in the nodejs sdk or a sample starter kit. My workaround does handle authentication but doesn't provide a good way to look at orgs, roles or permissions, since the nodejs sdk is unaware of the session because it was created in sveltekit.
I will go read both those docs, maybe it will clear up the audience item as well.
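The bearer-token check discussed in this thread, as an added example that is not part of the original posts and is not Kinde SDK code: an Express-style middleware that extracts the `Authorization: Bearer` token and validates signature, expiry, issuer and audience. It assumes RS256-signed JWTs; the function names, issuer and audience values are hypothetical, and the key pair is generated locally as a stand-in for the provider's signing key.

```javascript
// Added example: Express-style middleware that validates a bearer JWT (RS256).
// verifyJwt, requireBearer and signDemoToken are hypothetical names; all values are constructed.
const crypto = require('node:crypto');

const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const parse = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Verify the signature first, then the claims. Throws on any failure.
function verifyJwt(token, publicKey, { issuer, audience, now = Date.now() / 1000 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm: the token header must not choose it (rejects alg=none, HS256 confusion).
  if (parse(h).alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = parse(p);
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  const aud = [].concat(claims.aud ?? []); // aud may be a string or an array
  if (!aud.includes(audience)) throw new Error('wrong audience');
  return claims;
}

// Middleware factory: reads "Authorization: Bearer <jwt>" and sets req.auth on success.
function requireBearer(publicKey, opts) {
  return (req, res, next) => {
    const m = /^Bearer ([A-Za-z0-9._-]+)$/i.exec(req.headers.authorization || '');
    if (!m) return res.status(401).json({ error: 'missing bearer token' });
    try {
      req.auth = verifyJwt(m[1], publicKey, opts); // claims available to later handlers
      return next();
    } catch (e) {
      return res.status(401).json({ error: 'invalid token' }); // do not echo the reason to the client
    }
  };
}

// Constructed fixture: local key pair standing in for the provider's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signDemoToken(claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64u(header)}.${b64u(claims)}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}
```

Mounted as `app.use('/api', requireBearer(key, opts))`, the verification key would come from the identity provider's published signing keys rather than a locally generated pair.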
Hey @chrisogden.,
Thanks for the quick reply.
I would suggest raising GitHub issues on the relevant SDK GitHub repos so my teammates who look after the respective SDK will look into and address your points raised.
So you would be able to add GitHub issues related to your comments above on the related repos:
- Kinde SDKs
- Kinde starter kits
Let me know if you have any questions on this.
I posted some GitHub issues
Thanks @chrisogden.,
My teammates will review your GitHub issues.