leo_kinde
KKinde
Created by Abel Trần on 10/6/2024 in #💻┃support
Issue with getKindeServerSession().refreshTokens(); in Next.js App Router
@Abel Trần , the null response from refreshTokens() looks like there might be some error happening as it should return the new tokens. Can you set the environment variable KINDE_DEBUG_MODE to true and run it again and have a look to see if there are any errors logged?
28 replies
KKinde
Created by Abel Trần on 10/6/2024 in #💻┃support
Issue with getKindeServerSession().refreshTokens(); in Next.js App Router
Hi @Abel Trần , It looks like the cache should be updated automatically, so you shouldn't need to call the refresh_claims endpoint. After updating the properties via API, you can then call refreshTokens() to get the updated tokens. Here is the code I used:
import { getKindeServerSession } from "@kinde-oss/kinde-auth-nextjs/server";
import { init, Users } from "@kinde/management-api-js";

const { getUser, refreshTokens } = getKindeServerSession();

const userBefore = await getUser();
console.log("user properties before", userBefore.properties);

// Initialise the Management API client, then update the property via the API
init();
const res = await Users.updateUserProperty({
  propertyKey: "userprop",
  userId: userBefore.id,
  value: "new value",
});
console.log("update response", res);

// Refresh the session tokens so they carry the updated property
const newTokens = await refreshTokens();
console.log("updated tokens", newTokens);

const userAfter = await getUser();
console.log("user properties after", userAfter.properties);
28 replies
KKinde
Created by Abel Trần on 10/6/2024 in #💻┃support
Issue with getKindeServerSession().refreshTokens(); in Next.js App Router
Hi @Abel Trần , just to confirm, these are user properties added to the id token through token customization, then updated via API? Let me look into whether we should automatically invalidate the cache in this case. In the meantime, you can try making a call via the Management API to refresh the claims first using this API method: https://kinde.com/api/docs/#refresh-user-claims-and-invalidate-cache
28 replies
KKinde
Created by H3R01A on 10/3/2024 in #💻┃support
Email custom sender with Outlook/Office 365
@H3R01A, I don't think we have any way for you to track these kinds of changes. I'm happy to keep you updated. Changes are currently going through internal review.
13 replies
KKinde
Created by H3R01A on 10/3/2024 in #💻┃support
Email custom sender with Outlook/Office 365
@H3R01A , at the moment the HVE and Azure servers are known to be working. Microsoft servers just tend to require slightly different configuration; it is a minor change on our side, and I expect it could be updated in the next couple of days.
13 replies
KKinde
Created by H3R01A on 10/3/2024 in #💻┃support
Email custom sender with Outlook/Office 365
Hi @H3R01A, be aware these SMTP servers have send limits on them that typically make them unsuitable for app sending. For Microsoft customers the recommendation is to use the high volume email (HVE) feature (smtp-hve.office365.com) if sending to internal recipients, or Azure Communication Services (smtp.azurecomm.net) to send to external recipients. If you are only expecting a low rate of sending, let us know and we can look at updating our configuration to support these.
13 replies
KKinde
Created by LIFE on 8/7/2024 in #💻┃support
M2M token expiry and refresh
Yes, the access token is often passed as the bearer token. For other auth flows that use a refresh token, the refresh token is used to gain a new access token periodically, so new tokens are still issued. You can use the same access token for multiple requests for as long as it is valid. Using the default expiry of one day should limit to needing a new token once per day if caching and reusing the token. The maximum expiry is 28 days; the consideration for longer expiry is mostly around risk - if a token is leaked, a potential malicious actor has potentially a longer time access window.
15 replies
KKinde
Created by LIFE on 8/7/2024 in #💻┃support
M2M token expiry and refresh
Hi @Stian - Fartskriver , The offline scope and refresh tokens are not applicable to M2M tokens as this uses the client credentials flow which does not require a user interaction. Typically the access token would be cached and, rather than using a refresh token, the client credentials are used to obtain a new token when required. Can you tell us a bit about your use case and the restrictions you're working with?
15 replies
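The caching pattern described in the two M2M replies above, as an added example (not code from the thread or from Kinde): the access token is reused until shortly before it expires, then the client credentials are presented again, with no refresh token involved. The function names, `tokenUrl`, `audience` and the 60-second safety margin are assumptions made for the illustration.

```javascript
// Added example. tokenUrl, clientId, clientSecret and audience are
// placeholders the caller supplies; they are not values from the thread.

// Request a new access token with the client credentials grant.
async function requestToken({ tokenUrl, clientId, clientSecret, audience }, fetchImpl = fetch) {
  const res = await fetchImpl(tokenUrl, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({
      grant_type: "client_credentials",
      client_id: clientId,
      client_secret: clientSecret,
      audience,
    }),
  });
  if (!res.ok) throw new Error(`token request failed: ${res.status}`);
  return res.json(); // expected shape: { access_token, expires_in, token_type }
}

// True when nothing is cached or the cached token expires within skewMs.
function needsNewToken(cached, nowMs, skewMs) {
  return !cached || cached.expiresAtMs - skewMs <= nowMs;
}

// Returns getToken(): reuses the cached token while it is valid, otherwise
// calls fetchToken() again. Concurrent callers share a single request, and a
// failed or malformed response is never cached.
function createTokenProvider(fetchToken, { now = Date.now, skewMs = 60000 } = {}) {
  let cached = null;
  let inFlight = null;
  return async function getToken() {
    if (!needsNewToken(cached, now(), skewMs)) return cached.accessToken;
    if (!inFlight) {
      inFlight = fetchToken()
        .then((t) => {
          if (!t.access_token || !(t.expires_in > 0)) throw new Error("unexpected token response");
          cached = { accessToken: t.access_token, expiresAtMs: now() + t.expires_in * 1000 };
          return cached.accessToken;
        })
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  };
}
```

A caller would wire it up as `createTokenProvider(() => requestToken(config))` and send the returned token as the bearer token. The cache lives in process memory only, so the token is not written anywhere it could leak from.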
KKinde
Created by lee_uk on 8/7/2024 in #💻┃support
.Net oidc switch organisation
Hi @lee_uk, it doesn't look like setting AuthenticationProperties causes the extra parameters to be passed through to the auth request. When configuring OpenID there is an event handler that can add parameters and can read the parameters passed in AuthenticationProperties, so there is an opportunity to read those and pass them through. For example,
.AddOpenIdConnect(options =>
{
    // ... other OpenID Connect options ...
    options.Events.OnRedirectToIdentityProvider = context =>
    {
        // Copy org_code from AuthenticationProperties onto the outgoing auth request
        if (context.Properties.Items.ContainsKey("org_code"))
        {
            context.ProtocolMessage.SetParameter("org_code", context.Properties.Items["org_code"]);
        }
        return Task.CompletedTask;
    };
});
Does this provide a way forward for you?
6 replies
KKinde
Created by skywalker-kiwi#02131 on 6/14/2024 in #💻┃support
ASP.NET API not validating token
I'm glad you have something working. However, normally you shouldn't need to do this as the libraries should do it for you. If you are receiving 401 The signature key was not found, there is a known issue where mismatched versions of IdentityModel can cause this. If you have both Microsoft.AspNetCore.Authentication.JwtBearer installed with a version of System.IdentityModel.Tokens.Jwt beyond 7.3.1 this can happen. If this is the case you should either downgrade System.IdentityModel.Tokens.Jwt or install the same version of Microsoft.IdentityModel.Protocols.OpenIdConnect so JwtBearer is using the same version of all dependencies.
14 replies
KKinde
Created by Deck on 6/17/2024 in #💻┃support
Verification Code for passwordless signup - taking a lot of time to send
Hi @Deck , I have had a look through our logs and I'm not seeing any significant delays in processing and initial sending of emails. There could be delays in sending between mail servers. If you can send us the source/headers of an email (DM if you wish), it should indicate the time the email was received by the intermediate servers. In saying this, delivery between mail servers is largely out of our hands. We do provide the option of providing your own SMTP server, and it might be possible to improve delivery time for specific recipients. More information here: https://docs.kinde.com/get-started/connect/customize-email-sender/ As for users not receiving the email at all, the reasons can vary from case to case and we'd need the specific user's email address to investigate further. Again using custom SMTP may help with deliverability here and most transactional email providers provide reports so you have visibility of deliverability issues for individual emails and often the reasons an email could not be sent.
5 replies
KKinde
Created by skywalker-kiwi#02131 on 6/14/2024 in #💻┃support
ASP.NET API not validating token
One thing you may want to specify on the JwtBearer config is:
options.MapInboundClaims = false;
options.TokenValidationParameters.NameClaimType = "sub";
This will populate the Name field of the User with the Kinde user identifier, though without it I've not seen it cause the User object to not be populated at all.
14 replies
KKinde
Created by skywalker-kiwi#02131 on 6/14/2024 in #💻┃support
ASP.NET API not validating token
Hi @skywalker-kiwi#02131 , when you say HttpContext.User is null in the controller, is this on a controller/action which has auth enforced with something like the [Authorize] attribute? The issue is it is passing verification, but not populating? In terms of configuration, generally you do not need to explicitly specify the OpenID configuration, setting the Authority is sufficient for the JwtBearer handling to discover it (as it is on a standard path). Normally where JWKS is not specified it will request the config and the JWKS for you and cache the results, though you may want to specify them to avoid the initial requests.
14 replies
KKinde
Created by guo0429 on 5/18/2024 in #💻┃support
is it possible to use session manager (typescript sdk) with client side only cookie?
Hi @guo0429 , you can use cookies for storage. It is good to do as you have done and have them as HttpOnly and Secure for security. Just be aware if you add many additional claims to your tokens you may exceed the limit for cookie size (4kb).
4 replies
KKinde
Created by LIFE on 5/8/2024 in #💻┃support
Unable to retrieve claims & identity from token
Actually, I just noticed in your project is System.IdentityModel.Tokens.Jwt version 7.5.2, when I install this I can reproduce the problem. If I downgrade to 7.1.2 (which is referenced in Microsoft.AspNetCore.Authentication.JwtBearer), it works again. The only related reference I have been able to find is this: https://stackoverflow.com/a/78442187 I hope this helps.
16 replies
KKinde
Created by LIFE on 5/8/2024 in #💻┃support
Unable to retrieve claims & identity from token
Thank you for the information, unfortunately I am not able to replicate the same issue. In the default configuration a request will be made to the OpenID configuration endpoint and then following that another request to the JWKS endpoint. Outbound request tracing could be useful to see if the requests are being made. When configuring JwtBearer there are also options Backchannel and BackchannelHttpHandler that can be configured to interact with the outbound HTTP client. You can inspect these endpoints in browser to confirm connectivity from your local machine:
- https://alkolas.kinde.com/.well-known/openid-configuration
- https://alkolas.kinde.com/.well-known/jwks
You mentioned it works in production, it might be worth doing a comparison of configuration between the two environments for any difference that may be causing issues. It may also be worth starting a new project with just the essential code and see if it works in your local environment to try and isolate whether the issue relates to the local environment or that specific project.
16 replies
KKinde
Created by LIFE on 5/8/2024 in #💻┃support
Unable to retrieve claims & identity from token
Hi @LIFE , I haven't been quite able to replicate this. What version of .NET are you targeting and what version of Microsoft.AspNetCore.Authentication.JwtBearer are you using?
16 replies
KKinde
Created by mariodebono on 4/28/2024 in #💻┃support
After calling createOrg({ org_name: 'name' }) a call to /token that returns 500
Glad it is working, if it happens again do let us know.
7 replies
KKinde
Created by mariodebono on 4/28/2024 in #💻┃support
After calling createOrg({ org_name: 'name' }) a call to /token that returns 500
Hi @mariodebono, I don't think this is correct behaviour. Would you be able to DM me details of the token request (URL, querystring params, headers, timestamp) and I can look into it. Looking through logs I don't see any errors related to either business associated with your name.
7 replies