Created by Peter Marklund on 9/2/2024 in #💻┃support
What is the recommended way to do Kinde auth with a SPA app (Vue) and a REST API (Fastify)?
I've set up a Kinde account (called "seenthis.kinde.com") and the environments and the apps in the admin UI all make sense to me. I've added the `@kinde-oss/kinde-auth-pkce-js` package to the frontend app along with a "Sign in" button and I'm able to invoke `getToken` on the Kinde client and pass that down to the API in the `Authorization: Bearer ${token}` header. I am also able to invoke `getUser` to get user details for the logged-in user. So far so good.

The part where I get confused is in the backend REST API. I've installed the `@kinde/jwt-validator` package and I can validate the JWT token passed down from the client. I can also parse the token and extract the user ID. However, what else does the backend need to do in order to be secure? Is that all that is required?

I've navigated so many different documentation pages and I've been trying to reverse engineer what the Kinde Express package does, and I've tried the Node client and the TypeScript client, but I'm not sure out of all this what I should be using. My goal is just to keep the code as simple as possible whilst of course still being secure... Any help appreciated. Thanks!
3 replies
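An added sketch, not part of the original post and not code from Kinde's packages, of the checks a REST API commonly applies to a bearer JWT before trusting its user ID: pinned algorithm, signature, issuer, audience, expiry and subject. It uses Node's built-in `crypto` with a locally generated key pair in place of the provider's published keys; the issuer URL (derived from the account name in the post), the audience value, the claims and all function names are assumptions made for the example.

```javascript
const crypto = require("node:crypto");

// Assumed values: issuer reuses the account domain from the post; the audience is
// a placeholder for an API identifier registered with the identity provider.
const ISSUER = "https://seenthis.kinde.com";
const AUDIENCE = "https://api.example.test";

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const decode = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Sample-data helper only: in production the identity provider signs tokens, never the API.
function signSampleToken(claims, privateKey, header = { alg: "RS256", typ: "JWT" }) {
  const signingInput = `${b64url(header)}.${b64url(claims)}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString("base64url")}`;
}

// Returns { ok: true, userId } or { ok: false, reason }.
function verifyAccessToken(token, publicKey, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [h, p, s] = parts;
  let header, claims;
  try { header = decode(h); claims = decode(p); } catch { return { ok: false, reason: "malformed" }; }

  // 1. Pin the algorithm on the server; never let the token header choose it.
  if (header?.alg !== "RS256") return { ok: false, reason: "algorithm" };
  // 2. Verify the signature over "header.payload" with the issuer's public key.
  const valid = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, "base64url"));
  if (!valid) return { ok: false, reason: "signature" };
  // 3. The token must come from our tenant and be minted for this API.
  if (claims.iss !== ISSUER) return { ok: false, reason: "issuer" };
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(AUDIENCE)) return { ok: false, reason: "audience" };
  // 4. Reject expired tokens and tokens without a subject.
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) return { ok: false, reason: "expired" };
  if (typeof claims.sub !== "string" || claims.sub === "") return { ok: false, reason: "subject" };
  return { ok: true, userId: claims.sub };
}

// Constructed key pair and claims standing in for the provider's signing key and a real token.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const NOW = 1_725_000_000;
const goodClaims = { iss: ISSUER, aud: [AUDIENCE], sub: "user_constructed_1", exp: NOW + 300 };
```

In a Fastify app a function like this would run in a `preHandler` hook, with any authorization decision (which records this `userId` may read or change) made server-side after it returns.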