Kinde 3w ago
Michael

Refresh token of removed user from organization

Is there a way to remove users from an organization and then update their refresh token so that they don't have access to the organization anymore? When I tested removing a user from their organization, I successfully removed the user from the organization but it seems like their refresh tokens don't get updated with the latest organization data. Console logging the output from getOrganization says the user is still inside the removed organization. Seems like the organization will only be gone if they log out and log back in.
10 Replies
Michael (OP) 3w ago
Thanks for the api endpoints, I've tried them both but they don't seem to be working. The removed user refreshed their page but was still able to access the org. Only gets removed when they log out and log back in. I got a response of
{
code: 'CLAIMS_REFRESH_SUCCESS',
message: 'Claims successfully refreshed'
}
For deleting the session, I was also able to delete the session but same bug as above.
{
code: 'USER_SESSIONS_INVALIDATED',
message: 'User sessions successfully invalidated'
}
I am using nextjs so I am not sure if there is an issue with nextjs caching.
Ages 3w ago
My next question was about your SDK and version. I think we are experiencing a refresh issue. Are you in the AU data region?
Michael (OP) 2w ago
My sdk is "@kinde-oss/kinde-auth-nextjs" and the version is 2.5.3. I can't find where to check which data region I am in on the kinde dashboard.
Ages 2w ago
Have passed this on to the team. We've had reports of a similar issue and are doing a deep dive. Will get back to you as soon as we can.
AndrewPH 2w ago
Also looking for answers on this - when I dig into the code I see this comment though which doesn't look promising re. RSC:
    refreshTokens: async () => {
      try {
        // this will ALWAYS fail in an RSC as Cookies cannot be modified there.
        // refreshTokens is technically available in an RSC via getKindeServerSession,
        // but it won't work.
        // Maybe we should provide user feedback on this?
        const response = await kindeClient.refreshTokens(
          await sessionManager(req, res),
        );
        return response;
      } catch (error) {
        if (config.isDebugMode) {
          console.error(error);
        }
        return null;
      }
    },
Ages 2w ago
Thanks for the additional info Michael. We are still looking into a fix via the SDK - it was probably one of our devs who left this comment (hopefully for themselves). I can't follow up until later today as they are in the UK timezone.
Hey Michael. We have version 2.5.4 available now. Can you update the SDK and see if the problem persists?
Michael (OP) 2w ago
Updated to 2.5.6 and it doesn't seem to work still.
Michael (OP) 2w ago
It seems that we need to run this function inside of a client component as a server action in order for it to work. However, there's still an issue with this API endpoint: https://docs.kinde.com/kinde-apis/management/#tag/users/post/api/v1/users/{user_id}/refresh_claims It doesn't seem to be invalidating the user cache as they are still inside the org even though I removed them from it.
Ages 2w ago
We're still working on the refresh issues. Thanks for your patience.
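
A server-side guard for the gap reported in this thread, where a token keeps naming an organization after the user has been removed from it. This is an added example, not code from the thread or from Kinde's SDK; the helper names, the sample values and the claim names `sub`, `org_code` and `exp` are assumptions.

```javascript
// Added example: helper names and sample values are constructed.
// Assumption: `claims` is the decoded payload of a token whose signature has
// already been verified, exposing `sub`, `org_code` and `exp` (epoch seconds).

function createRemovalLedger() {
  const removed = new Map(); // "userId:orgCode" -> removal time (epoch seconds)
  const key = (userId, orgCode) => `${userId}:${orgCode}`;
  return {
    // Call from the same admin code path that removes the user from the org.
    recordRemoval: (userId, orgCode, at) => removed.set(key(userId, orgCode), at),
    // Call when the user is added back, so the membership is honoured again.
    recordReAdd: (userId, orgCode) => removed.delete(key(userId, orgCode)),
    removedAt: (userId, orgCode) => removed.get(key(userId, orgCode)),
  };
}

function authorizeOrgAccess(claims, requestedOrg, ledger, now) {
  if (!claims || typeof claims.sub !== "string") {
    return { allow: false, reason: "no_identity" };
  }
  if (typeof claims.exp !== "number" || claims.exp <= now) {
    return { allow: false, reason: "token_expired" };
  }
  if (claims.org_code !== requestedOrg) {
    return { allow: false, reason: "org_mismatch" };
  }
  // The token still names the org. Deny while a removal is on record, whatever
  // the token's age: the thread reports refreshed tokens keeping the old org.
  if (ledger.removedAt(claims.sub, requestedOrg) !== undefined) {
    return { allow: false, reason: "removed_from_org" };
  }
  return { allow: true, reason: "ok" };
}

// Constructed scenario: the same unexpired token before removal, after removal,
// and after the user is added back.
function demo() {
  const ledger = createRemovalLedger();
  const claims = { sub: "kp_example_user", org_code: "org_example", exp: 2000 };
  const before = authorizeOrgAccess(claims, "org_example", ledger, 1000);
  ledger.recordRemoval("kp_example_user", "org_example", 1100);
  const after = authorizeOrgAccess(claims, "org_example", ledger, 1200);
  ledger.recordReAdd("kp_example_user", "org_example");
  const reAdded = authorizeOrgAccess(claims, "org_example", ledger, 1300);
  return { before, after, reAdded };
}
```

In a multi-instance deployment the in-memory `Map` would be replaced by a store shared by every instance.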
