jamie
jamie
PostsComments
KKinde
Created by Ollie Mansell on 4/5/2024 in #💻┃support
adding a loading state to the SignIn component in NextJS
Just guessing here and I'm not affiliated with Kinde in any way (other than using it myself). But if it's possible to iframe the sign-in page, you could potentially redirect to the page after it has loaded into the browser somehow. Alternatively I think they provide the option to build a custom sign in page, then you could have it however you like 🙂 EDIT: I accidentally said "Just guessing here and I'm affiliated with Kinde in any way", to clarify completely, that was a typo. I meant "Just guessing here and I'm not affiliated with Kinde in any way".
15 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
That screenshot is from here "Using Kinde without an SDK - Handling the callback": https://kinde.com/docs/developer-tools/using-kinde-without-an-sdk/#handling-the-callback
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
even if it was just on another tab in that code block, it would've saved me over a day on setup
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
Maybe you could just shorten it to this: 
curl -X POST "https://<your_kinde_subdomain>.kinde.com/oauth2/token" \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -d client_id=<your_kinde_client_id> \
     -d client_secret=<your_kinde_client_secret> \
     -d grant_type=authorization_code \
     -d redirect_uri=<your_app_redirect_url> \
     -d code=<CALLBACK_AUTHORIZATION_CODE>
curl -X POST "https://<your_kinde_subdomain>.kinde.com/oauth2/token" \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -d client_id=<your_kinde_client_id> \
     -d client_secret=<your_kinde_client_secret> \
     -d grant_type=authorization_code \
     -d redirect_uri=<your_app_redirect_url> \
     -d code=<CALLBACK_AUTHORIZATION_CODE>
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
#!/bin/sh

# Set up environment variables
export KINDE_DOMAIN="your_kinde_subdomain"
export KINDE_CLIENT_ID="your_kinde_client_id"
export KINDE_CLIENT_SECRET="your_kinde_client_secret"
export APP_REDIRECT_URI="your_app_redirect_url"
export CALLBACK_AUTHORIZATION_CODE="CALLBACK_AUTHORIZATION_CODE"

# Make the POST request using curl
curl -X POST "https://${KINDE_DOMAIN}.kinde.com/oauth2/token" \
     -d client_id=${KINDE_CLIENT_ID} \
     -d client_secret=${KINDE_CLIENT_SECRET} \
     -d grant_type=authorization_code \
     -d redirect_uri=${APP_REDIRECT_URI} \
     -d code=${CALLBACK_AUTHORIZATION_CODE}
#!/bin/sh

# Set up environment variables
export KINDE_DOMAIN="your_kinde_subdomain"
export KINDE_CLIENT_ID="your_kinde_client_id"
export KINDE_CLIENT_SECRET="your_kinde_client_secret"
export APP_REDIRECT_URI="your_app_redirect_url"
export CALLBACK_AUTHORIZATION_CODE="CALLBACK_AUTHORIZATION_CODE"

# Make the POST request using curl
curl -X POST "https://${KINDE_DOMAIN}.kinde.com/oauth2/token" \
     -d client_id=${KINDE_CLIENT_ID} \
     -d client_secret=${KINDE_CLIENT_SECRET} \
     -d grant_type=authorization_code \
     -d redirect_uri=${APP_REDIRECT_URI} \
     -d code=${CALLBACK_AUTHORIZATION_CODE}
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
I'll have a go
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
Maybe it would be worth looking at what a curl command for that might look like?
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
No description
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
@ev_kinde Specifically I'd like to contribute to anything that goes towards fully implementing Kinde's API as a golang SDK. Ideally I'd like to try to abstract some of the functionality to make it more like idiomatic Go, and eventually hook into that abstraction when exposing webhooks (I realise this is a beta feature, but when released it would be nice to take advantage of them in the same lib). We're using it in our Go API so I've already implemented the very basics, but moving forward we want much more complete integration with Kinde.
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
Yes I saw, let me know if I can help at all
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
One of the main technical differences between them is the article specified uses client_credentials, whereas the quick start recommends using authorization_code. The implementation on the article relies quite heavily on client_credentials and so didn't seem helpful at the time.
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
@Andre @ Kinde I came across this article really early on actually. This article does provide useful insights into how to connect to Kinde via an M2M app, but didn't help me to understand how I can retrieve an access token for a specific user. Having implemented both now, I may see if I can borrow ideas from this article to produce a small Go library for this.
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
Full example for anyone that finds this thread: 
type KindeTokenResponse struct {
    AccessToken string `json:"access_token"`
    ExpiresIn   int    `json:"expires_in"`
    IdToken     string `json:"id_token"`
    Scope       string `json:"scope"`
    TokenType   string `json:"token_type"`
}

func (k *Kinde) RequestToken(code string) (KindeTokenResponse, error) {
    // make a request to the token endpoint
    req, err := http.NewRequest(
        "POST",
        fmt.Sprintf("%v/oauth2/token", tokenIssuer),
        nil,
    )
    if err != nil {
        return KindeTokenResponse{}, err
    }

    // set headers
    req.Header.Add("Content-Type", "application/x-www-form-urlencoded")

    // set form data
    form := url.Values{}
    form.Add("client_id", k.ClientID)
    form.Add("client_secret", k.ClientSecret)
    form.Add("grant_type", "authorization_code")
    form.Add("redirect_uri", "http://localhost:3000/authenticate")
    form.Add("code", code)

    req.Body = ioutil.NopCloser(strings.NewReader(form.Encode()))

    // make the request
    client := &http.Client{}
    res, err := client.Do(req)
    if err != nil {
        return KindeTokenResponse{}, err
    }
    defer res.Body.Close()

    if res.StatusCode != http.StatusOK {
        return KindeTokenResponse{}, fmt.Errorf(
            "error requesting token: %v",
            res.Status,
        )
    }

    // parse the response
    var kindeTokenResponse KindeTokenResponse
    if err := json.NewDecoder(res.Body).Decode(&kindeTokenResponse); err != nil {
        return KindeTokenResponse{}, err
    }

    return kindeTokenResponse, nil
}
type KindeTokenResponse struct {
    AccessToken string `json:"access_token"`
    ExpiresIn   int    `json:"expires_in"`
    IdToken     string `json:"id_token"`
    Scope       string `json:"scope"`
    TokenType   string `json:"token_type"`
}

func (k *Kinde) RequestToken(code string) (KindeTokenResponse, error) {
    // make a request to the token endpoint
    req, err := http.NewRequest(
        "POST",
        fmt.Sprintf("%v/oauth2/token", tokenIssuer),
        nil,
    )
    if err != nil {
        return KindeTokenResponse{}, err
    }

    // set headers
    req.Header.Add("Content-Type", "application/x-www-form-urlencoded")

    // set form data
    form := url.Values{}
    form.Add("client_id", k.ClientID)
    form.Add("client_secret", k.ClientSecret)
    form.Add("grant_type", "authorization_code")
    form.Add("redirect_uri", "http://localhost:3000/authenticate")
    form.Add("code", code)

    req.Body = ioutil.NopCloser(strings.NewReader(form.Encode()))

    // make the request
    client := &http.Client{}
    res, err := client.Do(req)
    if err != nil {
        return KindeTokenResponse{}, err
    }
    defer res.Body.Close()

    if res.StatusCode != http.StatusOK {
        return KindeTokenResponse{}, fmt.Errorf(
            "error requesting token: %v",
            res.Status,
        )
    }

    // parse the response
    var kindeTokenResponse KindeTokenResponse
    if err := json.NewDecoder(res.Body).Decode(&kindeTokenResponse); err != nil {
        return KindeTokenResponse{}, err
    }

    return kindeTokenResponse, nil
}
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
Okay I've figured it out. Turns out URL query params are not sufficient to pass the data effectively to Kinde. Instead the params need to be sent as form data. In Go, this looks like: 
    // set form data
    form := url.Values{}
    form.Add("client_id", k.ClientID)
    form.Add("client_secret", k.ClientSecret)
    form.Add("grant_type", "authorization_code")
    form.Add("redirect_uri", "http://localhost:3000/authenticate")
    form.Add("response_type", "code")
    form.Add("audience", "https://<REDACTED>.kinde.com/api")
    form.Add("scope", "openid profile email")
    form.Add("code", code)

    req.Body = ioutil.NopCloser(strings.NewReader(form.Encode()))
    // set form data
    form := url.Values{}
    form.Add("client_id", k.ClientID)
    form.Add("client_secret", k.ClientSecret)
    form.Add("grant_type", "authorization_code")
    form.Add("redirect_uri", "http://localhost:3000/authenticate")
    form.Add("response_type", "code")
    form.Add("audience", "https://<REDACTED>.kinde.com/api")
    form.Add("scope", "openid profile email")
    form.Add("code", code)

    req.Body = ioutil.NopCloser(strings.NewReader(form.Encode()))
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
Okay, I've finally managed to get a token response in JS, just need to figure out what it's doing differently, thanks @VKinde I'll update this thread if I figure it out
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
No description
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
Ah okay, so I tried with the node example, I'm getting an error message now
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
FYI: The app I'm using is of type "Back-end web"
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
Here is the verbose curl output: 
* Host <REDACTED>.kinde.com:443 was resolved.
* IPv6: (none)
* IPv4: 18.133.18.216, 18.132.161.25
*   Trying 18.133.18.216:443...
* Connected to <REDACTED>.kinde.com (18.133.18.216) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /home/jamie/.anaconda3/ssl/cacert.pem
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519 / RSASSA-PSS
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: CN=*.kinde.com
*  start date: Mar 12 00:00:00 2024 GMT
*  expire date: Apr 11 23:59:59 2025 GMT
*  subjectAltName: host "<REDACTED>.kinde.com" matched cert's "*.kinde.com"
*  issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M03
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/1.x
> POST /oauth2/token?grant_type=authorization_code&client_id=<REDACTED>&client_secret=<REDACTED>&audience=https://<REDACTED>.kinde.com/api HTTP/1.1
> Host: <REDACTED>.kinde.com
> User-Agent: curl/8.5.0
> Accept: */*
> Content-Type: application/x-www-form-urlencoded
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/1.1 400 Bad Request
< Date: Fri, 29 Mar 2024 20:52:01 GMT
< Content-Length: 0
< Connection: keep-alive
< Vary: Origin
< 
* Connection #0 to host <REDACTED>.kinde.com left intact
* Host <REDACTED>.kinde.com:443 was resolved.
* IPv6: (none)
* IPv4: 18.133.18.216, 18.132.161.25
*   Trying 18.133.18.216:443...
* Connected to <REDACTED>.kinde.com (18.133.18.216) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /home/jamie/.anaconda3/ssl/cacert.pem
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519 / RSASSA-PSS
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: CN=*.kinde.com
*  start date: Mar 12 00:00:00 2024 GMT
*  expire date: Apr 11 23:59:59 2025 GMT
*  subjectAltName: host "<REDACTED>.kinde.com" matched cert's "*.kinde.com"
*  issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M03
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/1.x
> POST /oauth2/token?grant_type=authorization_code&client_id=<REDACTED>&client_secret=<REDACTED>&audience=https://<REDACTED>.kinde.com/api HTTP/1.1
> Host: <REDACTED>.kinde.com
> User-Agent: curl/8.5.0
> Accept: */*
> Content-Type: application/x-www-form-urlencoded
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/1.1 400 Bad Request
< Date: Fri, 29 Mar 2024 20:52:01 GMT
< Content-Length: 0
< Connection: keep-alive
< Vary: Origin
< 
* Connection #0 to host <REDACTED>.kinde.com left intact
37 replies
KKinde
Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
I can't help but feel like I'm doing something stupid since I get no response body from the 400 res
37 replies