Kinde•2mo ago

Refresh token of removed user from organization

Is there a way to remove users from an organization and then update their refresh token so that they don't have access to the organization anymore? When I tested removing a user from their organization, I successfully removed the user from the organization but it seems like their refresh tokens doesn't get updated with the latest organization data. Console logging the output from getOrganization says the the user is still inside the removed organization. Seems like the organization will only be gone if they logout and login back in.

11 Replies

Claire Mahoney•2mo ago

I think using this API endpoint might achieve this. https://docs.kinde.com/kinde-apis/management/#tag/users/post/api/v1/users/{user_id}/refresh_claims You can also invalidate a session via this endpoint. https://docs.kinde.com/kinde-apis/management/#tag/users/delete/api/v1/users/{user_id}/sessions

MichaelOP•2mo ago

Thanks for the api endpoints, I've tried them both but they don't seem to be working. The removed user refreshed their page but was still able to access the org. Only gets removed when they log out and log back in. I got a response of

{
  code: 'CLAIMS_REFRESH_SUCCESS',
  message: 'Claims successfully refreshed'
}

{
  code: 'CLAIMS_REFRESH_SUCCESS',
  message: 'Claims successfully refreshed'
}

for deleting session I was also able to delete the session but same bug as above.

{
  code: 'USER_SESSIONS_INVALIDATED',
  message: 'User sessions successfully invalidated'
}

{
  code: 'USER_SESSIONS_INVALIDATED',
  message: 'User sessions successfully invalidated'
}

I am using nextjs so I am not sure if there is an issue with nextjs caching.

Claire Mahoney•2mo ago

My next question was about your SDK and version. I think we are experiencing a refresh issue. Are you in the AU data region?

MichaelOP•2mo ago

My sdk is "@kinde-oss/kinde-auth-nextjs" and the version is 2.5.3. I can't find where to check which data region I am in on the kinde dashboard.

Claire Mahoney•2mo ago

Have passed this on to the team. We've had reports of similar issue and are doing a deep dive. Will get back to you as soon as we can.

AndrewPH•2mo ago

Also looking for answers on this - when I dig into the code I see this comment though which doesn't look promising re. RSC:

    refreshTokens: async () => {
      try {
        // this will ALWAYS fail in an RSC as Cookies cannot be modified there.
        // refreshTokens is technically available in an RSC via getKindeServerSession,
        // but it won't work.
        // Maybe we should provide user feedback on this?
        const response = await kindeClient.refreshTokens(
          await sessionManager(req, res),
        );
        return response;
      } catch (error) {
        if (config.isDebugMode) {
          console.error(error);
        }
        return null;
      }
    },

    refreshTokens: async () => {
      try {
        // this will ALWAYS fail in an RSC as Cookies cannot be modified there.
        // refreshTokens is technically available in an RSC via getKindeServerSession,
        // but it won't work.
        // Maybe we should provide user feedback on this?
        const response = await kindeClient.refreshTokens(
          await sessionManager(req, res),
        );
        return response;
      } catch (error) {
        if (config.isDebugMode) {
          console.error(error);
        }
        return null;
      }
    },

Claire Mahoney•2mo ago

Thanks for the additional info Michael. We are still looking into a fix via the SDK - it was probably one of our devs who left this comment (hopefully for themselves). I can't follow up until later today as they are in the UK timezone. Hey Michael. We have version 2.5.4 available now. Can you update the SDK and see if the problem persists.

MichaelOP•2mo ago

Updated to 2.5.6 and it doesn't seem to work still.

MichaelOP•2mo ago

It seems that we need to run this function inside of a client component as a server action in order for it to work. However there's still an issue with this api endpoint. https://docs.kinde.com/kinde-apis/management/#tag/users/post/api/v1/users/{user_id}/refresh_claims It doesn't seem to be invalidating the user cache as they are still inside the org even thou I removed them from it.

Kinde docs

Kinde Management API

The management API is for managing your Kinde account. Most things that can be done via the Kinde admin UI can be done with this API

Claire Mahoney•3w ago

We're still working on the refresh issues. Thanks for your patience. Hi there. Our Next.js dev is working on a fix for this. It's currently being tested. Will let you know of any updates. Hi there The new NextJS v2.6 was just released. Please try and upgrade and let us know if your issue persists. https://github.com/kinde-oss/kinde-auth-nextjs/releases/tag/v2.6.0

Yoshify•3w ago

Just a follow up to the above, there's been some changes in how refreshing works in 2.6.0. Documentation has been updated to reflect this - please check it out here

Kinde docs

Next.js App Router SDK

Our developer tools provide everything you need to get started with Kinde.

Gaming

Programming

Refresh token of removed user from organization

Did you find this page helpful?