TotalScrub
Kinde
Created by cspok on 1/23/2025 in #💻┃support
Kinde with Nuxt & Supabase
You can access certain details that come through from Nuxt (server) on the client like whether or not the user is authenticated and their basic profile information (name, avatar, etc) though.
4 replies
Kinde
Created by cspok on 1/23/2025 in #💻┃support
Kinde with Nuxt & Supabase
Hey cspok. I'm using Nuxt, but I am using SSR and sending the access token to my .NET backend. I'm also more of a .NET developer so this is my first time using Nuxt. I do not believe you can get the access token on the client. The cookie that Kinde uses is HTTP only, and looking at both their documentation and code it doesn't look like it is accessible anywhere client side. Which makes sense from a security standpoint. Looking at their docs I would say the intention is for the Nuxt SDK to be used on the backend. https://docs.kinde.com/developer-tools/about/our-sdks/ You'll probably need to use one of their frontend SDKs to do auth so that the frontend can access the auth token using one of the less secure OAuth 2.0 flows. (IIRC the backend uses code flow)
4 replies
Kinde
Created by TotalScrub on 12/23/2024 in #💻┃support
Refresh claims approach
Ahh, my use case might be slightly different @Woet.
The problem was that upon Kinde user creation the user didn't belong to any Kinde organisations (and roles are assigned to users in an org, not to the user itself). After initial registration I would then assign the user to the appropriate organisation. I would call refreshUserClaims() using Kinde's Management API but it did nothing. Based on the GitHub thread I later learned it was because the user was still signed into no organisations and I needed to sign the user into the organisation they had been added to (which could be done 'silently'). This fixed my issue. But I still also need to start working on your use-case at some point as well. According to Kinde's document this should just happen - https://docs.kinde.com/authenticate/manage-authentication/sync-with-kinde/. However, most systems will cache a valid JWT so it isn't clear to me how a web server (or browser) would know that the JWT is no longer valid unless it's using something like Token Introspection (https://www.oauth.com/oauth2-servers/token-introspection-endpoint/) or as suggested by Kinde using short expiry tokens. @Oli - Kinde I know you're on leave, but it would be good if we could get some guidance on this when you get back, happy to jump on a call as well. It's likely it's just documentation but I would say for many developers (including myself) it would be good to get some more crystal clear guidance on how this works to save on confusion.
20 replies
Kinde
Created by TotalScrub on 12/23/2024 in #💻┃support
Refresh claims approach
@Woet if you follow the GitHub thread https://github.com/kinde-oss/kinde-typescript-sdk/issues/63 it might solve your issue for you. With guidance from Coel (Kinde) I was able to redirect the user to log in (with no prompt so they don't see the Kinde UI) with the organisation and get the expected claims. cc @Oli - Kinde
20 replies
Kinde
Created by hendry.lim on 1/1/2025 in #💻┃support
Is it possible to get org code from the response after adding a organization via management api
I'm not familiar with Prisma, but it might be easier to use one of Kinde's SDKs. That said, there's no reason you can't use fetch directly via JavaScript.
8 replies
Kinde
Created by hendry.lim on 1/1/2025 in #💻┃support
Is it possible to get org code from the response after adding a organization via management api
You need to read the stream (body) I believe.
8 replies
Kinde
Created by hendry.lim on 1/1/2025 in #💻┃support
Is it possible to get org code from the response after adding a organization via management api
https://docs.kinde.com/kinde-apis/management/#tag/organizations/post/api/v1/organization provides the organisation code in the response for a 200 response. I'm not using the API directly but through the .NET SDK, which is just a wrapper around the API, and it provides me with the org code in the response.
8 replies
Kinde
Created by kishan_6969 on 12/28/2024 in #💻┃support
refresh token guide needed
Also this thread might give you some more information, including some comments from Oli (Kinde's Product Manager) https://discord.com/channels/1070212618549219328/1320557296593403904
9 replies
Kinde
Created by TotalScrub on 12/23/2024 in #💻┃support
Refresh claims approach
Not expecting / asking it to be delivered in Jan, just some 'no promises' indication of when it might drop
20 replies
Kinde
Created by TotalScrub on 12/23/2024 in #💻┃support
Refresh claims approach
NP @Oli - Kinde I understand. If I could get some rough ballpark at some point in Jan once your teammate has a better sense of the effort involved that would be appreciated as it would allow me to plan accordingly. E.g. if I can just wait for it to be released, if I need to do a workaround, or if I just go with early customers and advise them of the issue / workaround.
20 replies
Kinde
Created by TotalScrub on 12/23/2024 in #💻┃support
Refresh claims approach
Thanks @Oli - Kinde, any rough timeframe for when you think you might have the js utils package in place? Right now it's just annoying, because I don't have any customers as I build out my MVP. But it would be a significant issue for me were I live, to the point where I'd need to heavily change my onboarding workflow to work around it.
20 replies
Kinde
Created by TotalScrub on 12/23/2024 in #💻┃support
Refresh claims approach
Thanks @Oli - Kinde I've added to https://github.com/kinde-oss/kinde-typescript-sdk/issues/63 as I suspect this 'behaviour' might be the root cause of the issue and it may be intentional, not a bug. If it's intentional I'm presuming it's because different organisations can have different authentication policies, particularly for your upgraded Organisations.
20 replies
Kinde
Created by TotalScrub on 12/23/2024 in #💻┃support
Refresh claims approach
Hey @Oli - Kinde.
- I'm using Nuxt (Vue) to perform auth / registration using your SDK. In the case of the API call to refresh claims I'm using your TypeScript SDK as that's your current guidance.
- I'm also using the .NET SDK to try and force a claims refresh. My .NET APIs are the ones doing the M2M 'heavy lifting', I'm only using TypeScript SDK to do the claims refresh as that is the Nuxt server which 'owns' the Kinde cookie / JWT. (I do also force a claims refresh for actions which change claims values in the .NET API but I understand why it does nothing, my .NET API only validates the JWT with Kinde)
I guess one question I would have for your team is why an API call to Kinde's servers via refreshUserClaims() is needed at all, at least in terms of understanding what is actually happening. I would have thought just forcing a refresh of the user's auth token would in turn refresh the claims. It's been a minute since I looked at your Nuxt SDK source code, but IIRC there was another method to refresh claims (that didn't require a M2M app) but because it was using your sessionManager the session manager already saw that there was a 'valid' auth token and so doesn't call your servers to refresh, at least to my understanding.
P.S. working on Christmas day Oli? That's dedication 😁
20 replies
Kinde
Created by Hans on 12/19/2024 in #💻┃support
Delegated User Management
The Microsoft Entra option would obviously depend on what the different upstream identity providers support. In terms of directly giving organisation users access to Kinde and being able to only restrict them to their org, I don't believe it's supported (but could be wrong on that count).
6 replies
Kinde
Created by Hans on 12/19/2024 in #💻┃support
Delegated User Management
I'm not sure if there is. Someone more knowledgeable or from Kinde might have better insight. There's two ways of handling it to my knowledge. 1. Create a custom UI using Kinde's Management API which I believe is the way most people handle this. 2. If you are using SSO with something like Microsoft Entra (which Kinde supports) an enterprise organisation could in theory control their RBAC from their identity provider (through group / role assignment) and this would come downstream to Kinde. It's been my experience this is preferential to many enterprise orgs I've worked with in the past so it's not another system that their IT team needs to log into. Another option similar to 2, would be SCIM which allows the copying of user data from one identity provider to another. I believe support for this is on Kinde's roadmap.
6 replies
Kinde
Created by ryno1234. on 7/1/2024 in #💻┃support
Gravatar images empty
Thanks @ryno1234. I might do something similar along those lines, but for now I'm just getting my API to return null for Gravatar icons coming from Kinde and displaying a generic Icon. Hey, maybe if it's boring enough maybe people will upload their avatars 😁.
15 replies
Kinde
Created by Mert Efe Cerit on 12/9/2024 in #💻┃support
/api/login route cannot found on build (NUXT)
Your English is fine mate. And I shouldn't have been answering questions in the evening, looking at the Kinde SDK code again href is actually a computed property on that component. I'm still learning Vue (I'm mainly a backend developer) but I was aware of the prop values bubbling down. Unfortunately I'm not sure if I can help you much further as it's getting a bit beyond my knowledge of middleware. I quickly used LoginLink as per your code and it worked for me. However I did get a different warning. WARN [NuxtLink] to and href cannot be used together. href will be ignored. Just using <LoginLink/> without any attributes worked for me. Internally the LoginLink wraps around a <NuxtLink /> with an external prop anyway. Have you added @nuxtjs/kinde to your nuxt.config.ts file?
15 replies
Kinde
Created by Mert Efe Cerit on 12/9/2024 in #💻┃support
/api/login route cannot found on build (NUXT)
@Mert Efe Cerit Oh. I'm using Vuetify so I haven't used NuxtLink directly for some time, but it could be because you're using to instead of href. For me this works (v-btn being a Vuetify component): <v-btn class="ml-4" min-width="160px" size="large" nuxt href="/api/login" external>Login</v-btn> IIRC I also had this working with NuxtLink instead of the Vuetify button / LoginLink. Looking at the Nuxt SDK code (after cloning from GitHub) it looks like it has props for href but not to. So I suspect that's the problem. Otherwise I have no idea sorry.
15 replies
Kinde
Created by Mert Efe Cerit on 12/9/2024 in #💻┃support
/api/login route cannot found on build (NUXT)
I have had similar problems (I think). I ended up resorting to await sendRedirect(event, '/api/login');
15 replies
Kinde
Created by DanielPuleio on 12/5/2024 in #💻┃support
Verifying JWT provided by Kinde with PKCE extension
My tech stack is a bit different (I don't know React unfortunately). I use Vue.js, Nuxt, and a .NET API. With Nuxt it is using universal rendering meaning it renders both on the backend and frontend. My Nuxt backend when it comes to APIs is just a proxy as the backend can access the token, whereas the frontend cannot. I'm good with that for a couple of reasons, the Kinde cookie is HttpOnly (which is a good thing from a security standpoint) and I also don't want the frontend to be able to access the auth token. The Nuxt proxy basically takes a request from the client and adds the JWT as a bearer token to pass through to my .NET API backend. Now the bit where it might be relevant to you, is I also want to verify that the auth token is valid. What I do in the .NET auth pipeline is ensure that I am decrypting the JWT with the OpenIdConnect configuration (from my authority servers - Kinde, /.wellknown/openid-configuration) public signing keys (and that the authority and issuer are correct). I'm using standard .NET libraries for this so the code won't be as relevant on your NodeJS backend but you can probably do something similar. I would imagine that there are some libraries you can use and configure the authority and / or issuer server to, to validate the JWT. Someone using a tech stack similar to yours will likely have a better answer.
2 replies