mariodebono
Kinde
Created by mariodebono on 6/15/2024 in #💻┃support
Login from a device that does not support callbacks
Hi, I need to let users authenticate from a device that cannot receive callbacks. I was thinking that there is a way with PKCE to have an API act as an intermediary and finally call the /token with the code and the code_verifier on the client to get the token. Here is the flow I was thinking of:
/**
* 1. Device initiates authentication by launching a browser and making a GET request to the API:
* GET my-api/login?challenge=<S256_challenge>&device_id=<unique_device_id>
* - The device generates a S256 code challenge and includes it in the request along with a unique id.
*
* 2. The API redirects the user to the authorization server for login:
* Redirect to /auth?...&code_challenge=<S256_challenge>&callback=my-api/callback&state=<unique_device_id>
* - including the S256 challenge, and the device's ID as the state parameter.
*
* 3. The user completes the login process in the browser.
*
* 4. Upon successful login, the authorization server redirects the user to the API callback URL:
* my-api/callback
* - The API stores the received authorization code.
*
* 5. The device periodically polls the API to check the status for code:
* Device makes a GET request to my-api/status?device_id=<unique_device_id>
* - The device sends its unique ID to check if the authorization code is ready.
*
* 6. The API responds with the authorization code if available:
* - The API sends the stored authorization code back to the device.
*
* 7. The device exchanges the authorization code for tokens:
* Device makes a POST request to the token endpoint:
* POST https://your_kinde_subdomain.kinde.com/oauth2/token
* - The request includes the code verifier, authorization code, client ID, and redirect URI.
*
* 8. The device receives the tokens:
* - The authorization server responds with the access token and ID token.
* */
Are there any ways to do this other than the above (if the above is possible)?
3 replies
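The flow proposed in the post above, as an added example that is not part of the original post and is not Kinde's code: an in-memory simulation showing that the code relayed through the intermediary is only redeemable together with the code_verifier that stayed on the device, and that the relay hands the code out once. `makeAuthServer`, `makeRelay` and `runFlow` are hypothetical stand-ins, and the token-endpoint behaviour modelled here is the RFC 7636 S256 check, assumed rather than observed from any real server.

```javascript
// Added example: all names below are hypothetical, nothing here calls a real service.
const { createHash, randomBytes } = require('node:crypto');

const b64url = (buf) => buf.toString('base64url');
// RFC 7636 S256: code_challenge = BASE64URL(SHA256(code_verifier))
const s256 = (verifier) => b64url(createHash('sha256').update(verifier).digest());

// Stand-in for the authorization server: binds each code to the challenge it was issued for.
function makeAuthServer() {
  const codes = new Map(); // code -> code_challenge
  return {
    authorize(challenge) {
      const code = b64url(randomBytes(16));
      codes.set(code, challenge);
      return code;
    },
    token(code, verifier) {
      const challenge = codes.get(code);
      codes.delete(code); // single use, even when the attempt fails
      if (!challenge || s256(verifier) !== challenge) return { error: 'invalid_grant' };
      return { access_token: b64url(randomBytes(16)) };
    },
  };
}

// Stand-in for my-api: relays the challenge, stores the code under `state`, releases it once.
function makeRelay(authServer) {
  const pending = new Map(); // device_id (state) -> authorization code
  return {
    loginAndCallback(challenge, deviceId) { // steps 1-4 collapsed into one call
      pending.set(deviceId, authServer.authorize(challenge));
    },
    status(deviceId) { // steps 5-6
      const code = pending.get(deviceId) ?? null;
      pending.delete(deviceId); // a second poll for the same id gets nothing
      return code;
    },
  };
}

// Runs steps 1-8; pass a different verifier to model a caller that holds only the code.
function runFlow(verifierAtTokenEndpoint) {
  const authServer = makeAuthServer();
  const relay = makeRelay(authServer);
  const verifier = b64url(randomBytes(32)); // 43 characters, never leaves the device
  const deviceId = b64url(randomBytes(16)); // unguessable, since it gates the code
  relay.loginAndCallback(s256(verifier), deviceId);
  const code = relay.status(deviceId);
  const secondPoll = relay.status(deviceId);
  const result = authServer.token(code, verifierAtTokenEndpoint ?? verifier);
  return { result, secondPoll };
}
```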
Kinde
Created by mariodebono on 5/10/2024 in #💻┃support
ext_provider in id_token is not present after the user changes org with login + org_Code
Hi, I have set up the Customize ID token to include the social identity. I am using this to enable features around the user profile, mostly. When the user is signed out and signs in with Google (I tested only Google so far), the expected ext_provider is present in the id_token as expected. When the user is signed in and wants to log in to a different (or the same) organisation with
login({ org_code: 'xxx' });
the login is successful, as expected, but the id_token now does not contain the ext_provider. Is this expected behaviour? Or am I using it incorrectly?
6 replies
Kinde
Created by mariodebono on 4/28/2024 in #💻┃support
After calling createOrg({ org_name: 'name' }) a call to /token that returns 500
I am manually calling createOrg as part of the onboarding flow in my React app, and I have noticed that once the createOrg comes back and I receive the code in my callback, there is a call that goes to /token which comes back with a 500 response. The app still works with this. Not sure if this is normal behaviour or because of the 500: after calling createOrg, the user is not automatically logged in to the new org; getOrganization() returns no orgCode. Am I doing something wrong? Is this an issue I need to work around? Thanks
7 replies
Kinde
Created by mariodebono on 4/26/2024 in #💻┃support
Subscribe Form...React
[solved] Hi, I want to include the subscribe form in a React (Docusaurus) site. I want to have a button that will just pop up the form as a modal. I was thinking of converting the form into a React component and simply submitting using fetch, like so (frontend is not my strong suit). Can this be done? Am I going about this the wrong way?
// my attempt to submit the form
// this returns with 400

const handleSubmit = (event) => {
  event.preventDefault();

  // Create a FormData object to mimic the form submission as it is without React
  const formData = new FormData();
  formData.append('p_0xxxxxxxxxxxxxxxxxxxx2', "");
  formData.append('new_name', firstName);
  formData.append('new_email', email);

  // Post data as form-data content type
  fetch('https://my-domain.kinde.com/widgets/subscribe/v1/subscribe', {
    method: 'POST',
    body: formData,
  })
    .then(response => response.json())
    .then(data => console.log(data))
    .catch(error => console.error('Error:', error));
};
8 replies
Kinde
Created by mariodebono on 2/5/2024 in #💻┃support
Get Users with Kinde TS-SDK
I have just started out with the TypeScript SDK with NestJS and the Kinde API to get users, and I have a few questions about behaviour and usage (tried both from Postman and the SDK):
1. The documentation at https://kinde.com/api/docs/#list-users says "Specify additional data to retrieve. Use "organizations" and/or "identities"." What is the correct format to pass both organizations and identities? I tried some combinations and got 550s back.
2. The user_id does not seem to do anything. Is this a bug or am I using it incorrectly?
?user_id=kp_e123abs...
3. The next_token always returns a value, even when there is no more data to get. Will this be changed to return null if there is no more data, or should I always call the API at least twice?
Thanks
8 replies