ryno1234.
KKinde
•Created by ryno1234. on 8/7/2024 in #💻┃support
Usage of Application login URI
It's unclear to me what the URI of the Application login URI should be. I've read the docs and searched this support channel, but still not clear.
The docs state "This is the default login route for resolving session issues. Hits the /auth endpoint to redirect back to your application sign in page.", however this isn't clear because Kinde is my sign in page...
Do you mean that the endpoint provided should redirect to Kinde? For example, my auth endpoint is https://www.bestofcitrusheights.org/Account/Login?returnUrl=https%3A%2F%2Fwww.bestofcitrusheights.org%2F. This endpoint simply redirects to Kinde to start a sign in process. Is that what I should be using here, or should I be providing the callback URI that receives the auth code from Kinde AFTER a sign in process?
Bonus question: How do I emulate this URI needing to be used so I can test that everything is working correctly?
5 replies
KKinde
•Created by ryno1234. on 7/5/2024 in #💻┃support
Changing the displayed organization name on the login screen
Long-shot question: Is it possible to dynamically change the displayed organization name on the login screen?
Here is the real-life use case: We're a B2B2C SaaS. Our clients have multiple campaigns they run with our system. Their users (the consumers) are typically going to involve themselves with multiple campaigns, so they want to login using the credentials they already have. The problem is, the organization set up for a campaign references that campaign name directly, so I have to create a separate organization for each campaign. This isn't a problem except that when we now create a new campaign, each user needs to know they should register instead of login, because if they attempt to login they'll get the dreaded "You do not have access to this organization" message.
I could solve this if I could use just 1 organization, but dynamically change the title displayed on that register / login screen to show the name of the campaign instead of the organization. That way all users could be in 1 organization.
I make sure we send the users to the register screen instead of the login screen by default and that does help avoid the error mentioned, but inevitably, users will click the "I already have an account, login" button and then get confused by the error I just mentioned.
I know I've brought this up multiple times, but I keep finding this register vs. login flow has some friction behind it when dealing with multiple organizations that have the same user base. As mentioned previously, even a slightly better error message would go a LONG way to help the users.
Any suggestions?
12 replies
KKinde
•Created by ryno1234. on 7/1/2024 in #💻┃support
Gravatar images empty
I just noticed that when users are signing in by creating a email / password account, the image URL is a gravatar URL, i.e. https://gravatar.com/avatar/somelongid?d=blank&size=200
But the image is blank. I know Gratavar images were coming soon, so maybe there's a bug here.
12 replies
KKinde
•Created by ryno1234. on 6/14/2024 in #💻┃support
Determine sign up conversion rate
Is there any way to see the sign up conversation rate? For example, if someone lands at the sign in / create account page, do we have a way of knowing how far they got in the process (i.e. created an account vs not?).
To be specific, I see instances of users attempting to sign in (because I see email logs of them requesting a code for their email / password login), yet they never complete the process.
My email provider is showing that the emails were sent and delivered, however at times will not indicated that they were "opened". I know this can be due to various reasons, but it sure seems like an issue when I see a user that appears that they attempted to sign in twice (2 emails sent with different verification codes), but they never created an account. Seems to me that they got stuck in the process due to emails perhaps not coming through.
If this was super prevalent, I might go to my email provider and give them contextual stats on how many users we're missing because of deliverability issues, for example and look for some solutions from them.
Might be worth indicating to the user on that verification code screen that they should check their "junk" folder just in case.
4 replies
KKinde
•Created by ryno1234. on 6/7/2024 in #💻┃support
ext_provider claim not present in some cases
(Related to https://discord.com/channels/1070212618549219328/1248094123500769413)
There are instances where the
ext_provider
claim is not provided in the ID token.
The ext_provider
claim isn't returned if the user had already signed in previously and is still considered logged in from Kinde's perspective.
So, for example:
- I click the "Sign In" button on my website
- I'm directed to Kinde.
- I choose to login with Facebook.
- I'm successfully logged in, and ext_provider
claim is available in the ID Token.
- If, however, I clear my cookies on my site, my user would appear as not logged in.
- I would then click the "Sign In" button on my website
- I would be directed to Kinde and Kinde would see I was logged in (because Kinde's cookies still exist)
- I would be redirected to my site and successfully logged in, however this time there is no ext_provider
claim.
This is a problem because I need to know who authenticated the user (Google, Facebook, etc.) so I can indicate what the user account type is in our system.7 replies
KKinde
•Created by ryno1234. on 6/6/2024 in #💻┃support
picture / ext_provider claim inconsistent
I use the claim
ext_provider
to determine who facilitated the login (Google, Facebook or Kinde). At times this value is blank.
The problem is the picture
claim can be in different formats depending upon where it comes from. For example, from Facebook it is an entire JSON structure. Previously, in Auth0, the equivalent of a picture
claim was always a URL that we know we could use. Now, I have to determine if the ext_provider
is Facebook, because if it is, I need to parse the picture
claim and pull out specifically the URL and leave all the extra metadata provided.
The problem with this comes about sometimes when I login. On occasion there is no ext_provider
value. I think this is when I've already authenticated previously on Kinde so when I attempt to login, my request just goes right through.
Ultimately, I would like to know what auth provider facilitated that login (google, facebook, etc.). That may or may not be reasonable depending upon how that's implemented in Kinde. That said, the only thing I really care about right now is have a reasonable way to retrieve the user's picture URL. The only way I see that being possible is if:
1) Kinde always provides an ext_provider
value
2) Kinde parses the picture information from each integreated OAuth provided and normalizes this value so we can all use it in a consistent way
3) I have to explicitly look for {"data": {"url": "....", "width": 200, "height": 200, "is_silhouette": false}}
in the picture
claim to figure out if I need to parse it.
Right now I have some users that have broken profile images because their picture url is {"data": {"url": "....", "width": 200, "height": 200, "is_silhouette": false}}
.
Thoughts?5 replies
KKinde
•Created by ryno1234. on 5/14/2024 in #💻┃support
Import from Auth0 not showing social logins or logins_count
I intend to go-live with Kinde tomorrow morning (Pacific time) have a couple of issues / questions regarding Auth0 import.
I performed an import from Auth0 and included all the columns mentioned in the Auth0 migration support doc.
I noticed, however, that the logins_count CSV column doesn't seem to be imported as all my users show that they have never logged in (all login counts show 0). This isn't a huge deal, but does make me want to confirm that my import worked correctly in general.
Also, my imported user split is about 1/3 email & password, 1/3 Facebook, 1/3 Google. All of my imported users look like they're only associated with email & password (when in fact many never even used email / password login).
When they attempt to login through Kinde with, say, Facebook, will they have to "sign-up" again, or can they "sign-in" with Facebook without friction?
6 replies
KKinde
•Created by ryno1234. on 5/5/2024 in #💻┃support
Organizations API doesn't provide full functionality
The Organizations API allows us to update an organization but certain fields we aren't able to retrieve the orginal values for to make sure that when we do inadvertantly update thier values from their current to the default value.
For example, the Get Organization endpoint (
GET /api/v1/organization
) will return this:
Note that it doesn't provide a value for is_allow_registrations
Now, when calling the Update Organization endpoint, which allows me to set a value for is_allow_registrations
, I have no way to provide the current value making sure it doesn't default. This is particularly impossible with the .Net SDK because the model / arguments for this update function doesn't allow passing in null values for is_allow_registrations
which might indicate during a PATCH
operation to not update that particular field. So, essentially in .Net, any call to the UPDATE endpoint will set the value of is_allow_registrations
in every case, so I must provide the current value to make sure I don't overwrite it.13 replies
KKinde
•Created by ryno1234. on 5/4/2024 in #💻┃support
Inability to update certain Application fields via API
4 replies
KKinde
•Created by ryno1234. on 5/4/2024 in #💻┃support
Automatically adding user to organization on sign-in (not sign-up)
20 replies
KKinde
•Created by ryno1234. on 3/24/2024 in #💻┃support
"Welcome back" displayed in login even in Incognito mode
3 replies
KKinde
•Created by ryno1234. on 3/24/2024 in #💻┃support
Migrating Applications from Auth0
We have applications listed in Auth0 from which we're looking to move from. I don't see the ability to carry over the ClientId / Secret to Kinde. Is this not possible? Do we have to create new Applications with new ClientIds?
5 replies
KKinde
•Created by ryno1234. on 2/29/2024 in #💻┃support
Organization branding control
With Auth0, my Applications have a Logo URL (which would be handled in Organizations it seems with Kinde). The URL worked well because when my tenant in my multi-tenant platform decided to update their logo, the new logo was available on the sign in page since that logo simply referenced our URL for the logo.
With Kinde it seems that logo needs to be actually uploaded. Ok, little different and definitely more work, but that's ok. The problem comes up when I don't see an API to do so so it actually takes manual intervention to make this happen.
My tenants will not have access to Kinde, they're not going to upload their logo twice, this has to be automated somehow.
Any suggestions?
An alternative would be to allow URL parameters to be passed to the login page to customize the experience and override whatever settings exist for the Organization's brand and the overall brand.
8 replies
KKinde
•Created by ryno1234. on 2/29/2024 in #💻┃support
Proper use of Organizations as opposed to Applications
7 replies
KKinde
•Created by ryno1234. on 2/25/2024 in #💻┃support
Know if an email address is validated in JWT
I'm using .Net with the OIDC integration / middleware. Most everything seems to be working well, except I need to know if the user has verified their email. I noticed while debugging there is a claim that comes back on the JWT, "ext_provider" which has this information, but I only saw it come across with a value once. I also didn't see any documentation on this claim.
How do I determine that a user has in fact verified their account?
6 replies