Kentgi

kinde_client.is_authenticated()

Hi Kinde Support Team and Community. I am building an application with Python Flask (server-side rendering) and Kinde OAuth. When I use kinde_client.is_authenticated(), it always returns True, even when an unauthenticated user tries to access the login page, and it still uses the last person's login session/access token. Is there any way to resolve the issue of gatekeeping my app from unauthenticated people accessing my confidential app? Thank you. Regards, Kentgi
Kentgi (OP) · 2mo ago
Kinde docs: Python SDK
CB_Kinde · 2mo ago
Hi @Kent. Here are some things to check on your side. Let us know if this helps.

Backend Application Type
Your Flask application is a backend/server-side app, which uses the Authorization Code Flow with a client secret for security.

Authentication Setup
Here's how to properly set up authentication:

1. Initialize the Kinde client with proper configuration:

```python
from flask import Flask, redirect, request
from kinde_sdk import Configuration
from kinde_sdk.kinde_api_client import GrantType, KindeApiClient

app = Flask(__name__)

# KINDE_HOST, KINDE_CLIENT_ID, KINDE_CLIENT_SECRET, GRANT_TYPE and
# KINDE_REDIRECT_URL come from your environment/config.
configuration = Configuration(host=KINDE_HOST)
kinde_api_client_params = {
    "configuration": configuration,
    "domain": KINDE_HOST,
    "client_id": KINDE_CLIENT_ID,
    "client_secret": KINDE_CLIENT_SECRET,
    "grant_type": GRANT_TYPE,
    "callback_url": KINDE_REDIRECT_URL,
}
kinde_client = KindeApiClient(**kinde_api_client_params)
```

2. For login routes, implement redirection:

```python
@app.route("/login")
def login():
    # Send the browser to Kinde's hosted login page
    return redirect(kinde_client.get_login_url())
```

3. Handle the callback properly:

```python
@app.route("/callback")
def callback():
    # Exchange the authorization code in the callback URL for tokens
    kinde_client.fetch_token(authorization_response=request.url)
    return redirect("/")
```

Important Security Considerations
The issue you're experiencing might be related to token storage. Each user needs their own unique kinde_client object to track authentication state properly. Access tokens have an expiration time (exp) and should be validated. For protected routes, implement authentication checks before allowing access:

```python
@app.route("/protected")
def protected():
    if kinde_client.is_authenticated():
        # Protected route logic here
        return "Protected content"
    else:
        return redirect("/login")
```

To properly gatekeep your application:

1. Create a new kinde_client instance per user session
2. Implement proper session management in Flask
3. Validate tokens on each request to protected routes
4. Use token expiration checks
5. Implement proper logout handling to clear sessions

For session management across applications, consider implementing proper token storage and validation mechanisms.
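The "one client per user session" fix described in the reply above, shown as an added example that is not part of this thread or of the Kinde SDK: a stand-in `FakeKindeClient` (assumed, so the code runs offline) holds one user's token, a module-level shared instance reproduces the bug from the question, and `PerSessionClients` keys clients by a random id stored in the session (a plain dict here standing in for `flask.session`).

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class FakeKindeClient:
    """Stand-in for kinde_sdk's KindeApiClient (assumption): one object, one user's token."""
    token: Optional[dict] = None

    def fetch_token(self, authorization_response: str) -> None:
        # Constructed token; the real client exchanges the code with Kinde's token endpoint.
        self.token = {"sub": authorization_response, "exp": time.time() + 3600}

    def is_authenticated(self) -> bool:
        # Also enforces the expiry check (exp) the reply recommends
        return self.token is not None and self.token["exp"] > time.time()


# Anti-pattern from the question: a single client created at import time and
# shared by every request. Whoever logged in last "authenticates" all later visitors.
SHARED_CLIENT = FakeKindeClient()


def shared_is_authenticated(session: dict) -> bool:
    return SHARED_CLIENT.is_authenticated()


class PerSessionClients:
    """Fix: one Kinde client per server-side session, looked up by a random session id."""

    def __init__(self, factory: Callable[[], FakeKindeClient]):
        self._factory = factory
        self._clients: Dict[str, FakeKindeClient] = {}

    def for_session(self, session: dict) -> FakeKindeClient:
        sid = session.get("kinde_sid")
        if sid is None or sid not in self._clients:
            sid = session["kinde_sid"] = secrets.token_urlsafe(16)
            self._clients[sid] = self._factory()
        return self._clients[sid]

    def logout(self, session: dict) -> None:
        # Drop both the server-side client (and its token) and the session's reference to it
        self._clients.pop(session.pop("kinde_sid", None), None)


STORE = PerSessionClients(FakeKindeClient)


def gatekeep(session: dict) -> str:
    """Decision a protected Flask view would make for this visitor's session."""
    return "allow" if STORE.for_session(session).is_authenticated() else "redirect:/login"
```

In a real Flask app the `session` argument is `flask.session` and the factory is `lambda: KindeApiClient(**kinde_api_client_params)`; the callback and protected routes then call `STORE.for_session(session)` instead of a module-level `kinde_client`.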
