Kenneth
Kenneth
PostsComments
KKinde
Created by Kenneth on 7/4/2024 in #💻┃support
Changing API settings takes an incredibly long time
When updating authorized applications for an API it takes a really long time untill these changes are reflected when requesting access tokens, both for M2M tokens and user tokens. When adding a new API and adding a new authorized application, I can't seem to request tokens for this audience for several hours after making the changes in the Kinde Admin portal. The Kinde API also shows the API is active for said application (Identifiers redacted) 
GET https://<environmentUri>.eu.kinde.com/api/v1/apis/***
{
    "api": {
        "id": "****",
        "name": "MyApiName",
        "audience": "MyApiAudience",
        "applications": [
            {
                "id": "****",
                "name": "MyWebApp",
                "type": "Front-end and mobile",
                "is_active": true
            }
        ],
        "is_management_api": false
    },
    "code": "OK",
    "message": "Success"
}
GET https://<environmentUri>.eu.kinde.com/api/v1/apis/***
{
    "api": {
        "id": "****",
        "name": "MyApiName",
        "audience": "MyApiAudience",
        "applications": [
            {
                "id": "****",
                "name": "MyWebApp",
                "type": "Front-end and mobile",
                "is_active": true
            }
        ],
        "is_management_api": false
    },
    "code": "OK",
    "message": "Success"
}
Although the API says it is active, token requests keep giving the same error for quite a few hours, until it resolves itself automagically. 
{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Requested audience '*****' has not been whitelisted by the OAuth 2.0 Client."}
{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Requested audience '*****' has not been whitelisted by the OAuth 2.0 Client."}
Also when revoking access to an API/Audience or deleting an API completely, the application can still request M2M tokens for several hours after it has been revoked. Do you have any explanation, since this is quite the hurdle in developing new applications in our suite and for authorizing/revoking API access on production systems.
29 replies