TotalScrub
TotalScrub
PostsComments
KKinde
Created by __maxom__ on 2/23/2025 in #💻┃support
Access Token claims not updating after "Refresh User Claims and Invalidate Cache"
NP, best of luck
25 replies
KKinde
Created by __maxom__ on 2/23/2025 in #💻┃support
Access Token claims not updating after "Refresh User Claims and Invalidate Cache"
No problem, also make sure taht the refresh claims call actually worked as well and didn't return an error. It could be a simple scope issue with the management API as well.
25 replies
KKinde
Created by __maxom__ on 2/23/2025 in #💻┃support
Access Token claims not updating after "Refresh User Claims and Invalidate Cache"
Sorry, probably past my knowledge to help with further. The only thing I can think of is that it's possible that the React SDK is using a cached version of the access token (with the old credentials) and is not overwriting it. For me, when I get Nuxt to do the redirct to login I do it outside of the SDK and just trigger it directly via Nuxt. I can't remember why I did that, I think largely because the Nuxt version of hte SDK isn't nearly as complete as the React one (likely due to popularity differences which is understandable)
25 replies
KKinde
Created by __maxom__ on 2/23/2025 in #💻┃support
Access Token claims not updating after "Refresh User Claims and Invalidate Cache"
I'm not across the React SDK. Is login() your method or Kinde's? Have you checked the network tab (assuming Chrome or Firefox) to see if the frontend is actually passing in the org code when it redirects to Kinde?
25 replies
KKinde
Created by __maxom__ on 2/23/2025 in #💻┃support
Access Token claims not updating after "Refresh User Claims and Invalidate Cache"
@maxom If the org code is coming back from your backend, and you are successfully calling refreshUserClaims() then it's probably the frontend that needs to be looked at. Or it's a bug in the SDKs. I have the exact scenario you are describing working correctly as it's my onboarding flow for two different personas (same flow, but different roles / orgs), but I'm using Nuxt / Vue (frontend) and .NET (backend) so my tech stack and thus Kinde SDKs are different. For me I: - Have the user sign up (Nuxt) via Kinde's default registration flow - After successful registration I get my backend (.NET) to assign or create an org, and assign roles. I then call refreshUserClaims() .NET using Kinde's Management API - After this API call to my backend Nuxt will get the user to log in again using the approach detailed in my original response to this support issue. - For me, it will work. I was hitting the issue you were describing, but that was before I did the login with the org code. So if I was troubleshooting this myself, I'd be making sure that the frontend is actually calling Kinde with the org_code.
25 replies
KKinde
Created by __maxom__ on 2/23/2025 in #💻┃support
Access Token claims not updating after "Refresh User Claims and Invalidate Cache"
Did you pass in the orgCode for the newly created Org when loggin the user in again?
25 replies
KKinde
Created by __maxom__ on 2/23/2025 in #💻┃support
Access Token claims not updating after "Refresh User Claims and Invalidate Cache"
It will be slightly different in React and it's possible that they may have already implemented a switchOrg helper as mentioned by Daniel in the GitHub issue
25 replies
KKinde
Created by __maxom__ on 2/23/2025 in #💻┃support
Access Token claims not updating after "Refresh User Claims and Invalidate Cache"
Hi, this thread might help you: https://discord.com/channels/1070212618549219328/1320557296593403904/1320557296593403904 Or this GitHub issue - https://github.com/kinde-oss/kinde-typescript-sdk/issues/63 I suspect what you need to do is log the user in with an org-code (no need to log them out) and if you use prompt = none then they won't visually see the Kinde UI (assuming they have a valid session)
25 replies
KKinde
Created by Fritz on 2/11/2025 in #💻┃support
Microsoft AD email domain issue (resolved)
No description
9 replies
KKinde
Created by Mert Efe Cerit on 1/28/2025 in #💻┃support
Nuxt + Kinde Module Logic Problems
Not sure sorry, it was just a stab in the dark. It's not a behaviour I currently need for my app (I'm happy to use refresh tokens). But I'll keep an eye on this thread as it's a problem I may face in the future. I'm not sure what the Kinde log messages refer to, might need Kinde to respond on that count. It might be a 'bug' or deliberate behaviour where the refresh token (and auth token) have expired, but Kinde's session (the one associated with the Kinde domain, not your web application) is still active and valid, thus issues another auth token without requiring sign in. I.e. from a JWT perspective it's working as expected. However, Kinde's login flow on the UI isn't tied to the token configuration. I don't see a way in Kinde to turn off persistent sessions (E.g. in many auth experiences there is a checkbox to say if you want to stay signed in or not,) as this looks to be the default behaviour.
18 replies
KKinde
Created by Mert Efe Cerit on 1/28/2025 in #💻┃support
Nuxt + Kinde Module Logic Problems
You can configure tokens inside the 'Application' that users use to authenticate with in the Tokens section. https://docs.kinde.com/build/tokens/configure-tokens/
18 replies
KKinde
Created by Mert Efe Cerit on 1/28/2025 in #💻┃support
Nuxt + Kinde Module Logic Problems
@Mert Efe Cerit could it be your token configuration? I'm not sure how to 'turn off' refresh tokens. But I suspect what is happening is that the user still has a refresh token so Kinde is implicitly refreshing the access token. Maybe try setting the refresh token expiry to 0 or -1 and see what Kinde does?
18 replies
KKinde
Created by cspok on 1/23/2025 in #💻┃support
Kinde with Nuxt & Supabase
You can access certain details that come through from Nuxt (server) on the client like whether or not the user is authenticated and their basic profile information (name, avatar, etc) though.
4 replies
KKinde
Created by cspok on 1/23/2025 in #💻┃support
Kinde with Nuxt & Supabase
Hey cspok. I'm using Nuxt, but I am using SSR and sending the access token to my .NET backend. I'm also more of a .NET developer so this is my first time using Nuxt. I do not believe you can get the access token on the client. The cookie that Kinde uses is HTTP only, and looking at both their documentation and code it doesn't look like it is accessible anywhere client side. Which makes sense from a security standpoint. Looking at their docs I would say the intention is for the Nuxt SDK to be used on the backend. https://docs.kinde.com/developer-tools/about/our-sdks/ You'll probably need to use one of their frontend SDKs to do auth so that the frontend can access the auth token using one of the less secure OAuth 2.0 flows. (IIRC the backend uses code flow)
4 replies
KKinde
Created by TotalScrub on 12/23/2024 in #💻┃support
Refresh claims approach
Ahh, my use case might be slightly different @Woet.
The problem was that upon Kinde user creation the user didn't belong to any Kinde organisations (and roles are assigned to users in an org, not to the user itself). After initial registration I would then assign the user to the appropriate organisation. I would call refreshUserClaims() using Kinde's Management API but it did nothing. Based on the GitHub thread I later learned it was because the user was still signed into no organisations and I needed to sign the user into the organisation they had been added to (which could be done 'silently'). This fixed my issue. But I still also need to start working on your use-case at some point as well. According to Kinde's document this should just happen - https://docs.kinde.com/authenticate/manage-authentication/sync-with-kinde/. However, most systems will cache a valid JWT so it isn't clear to me how a web server (or browser) would know that the JWT is no longer valid unless it's using something like Token Introspection (https://www.oauth.com/oauth2-servers/token-introspection-endpoint/) or as suggested by Kinde using short expiry tokens. @Oli - Kinde I know you're on leave, but it would be good if we could get some guidance on this when you get back, happy to jump on a call as well. It's likely it's just documentation but I would say for many developers (including myself) it would be good to get some more crystal clear guidance on how this works to save on confusion.
20 replies
KKinde
Created by TotalScrub on 12/23/2024 in #💻┃support
Refresh claims approach
@Woet if you follow the GitHub thread https://github.com/kinde-oss/kinde-typescript-sdk/issues/63 it might solve your issue for you. With guidance from Coel (Kinde) I was able to redirect the user to log in (with no prompt so they don't see the Kinde UI) with the organisation and get the expected claims. cc @Oli - Kinde
20 replies
KKinde
Created by hendry.lim on 1/1/2025 in #💻┃support
Is it possible to get org code from the response after adding a organization via management api
I'm not familar with Prisma, but it might be easier to use one of Kinde's SDKs. That said, there's no reason you can't use fetch directly via JavaScript.
8 replies
KKinde
Created by hendry.lim on 1/1/2025 in #💻┃support
Is it possible to get org code from the response after adding a organization via management api
You need to read the stream (body) I believe.
8 replies
KKinde
Created by hendry.lim on 1/1/2025 in #💻┃support
Is it possible to get org code from the response after adding a organization via management api
https://docs.kinde.com/kinde-apis/management/#tag/organizations/post/api/v1/organization provides the organisation code in the response for a 200 response. I'm not using the API directly but through the .NET SDK which is just a wrapper around the API it provides me with the org code in the response.
8 replies
KKinde
Created by kishan_6969 on 12/28/2024 in #💻┃support
refresh token guide needed
Also this thread might give you some more information, including some comments from Oli (Kinde's Product Manager) https://discord.com/channels/1070212618549219328/1320557296593403904
9 replies