TotalScrub
KKinde
•Created by Joo on 3/27/2025 in #💻┃support
github provider not giving email address
The Kinde documentation states (I don't have the exact reference here) that what you can see via the Management UI should be visible in the API. I agree with you Joo, that looks like a bug.
17 replies
KKinde
•Created by __maxom__ on 3/19/2025 in #💻┃support
Kinde Management API with custom domain
I found with the Management API even without a custom domain I can't add scopes. It was a while ago so I can't remember the exact error I got, but I believe it was that error message or something similar.
Not adding scopes to the Management API fixed it for me. It still respected the scopes that were configured against the API (i.e. I would get failures if I tried to call a Kinde API endpoint that I hadn't configured permissions to)
Maybe try without adding scopes and see if that works?
8 replies
KKinde
•Created by firemansam on 3/11/2025 in #💻┃support
multitenant multi org to single auth user setup
It doesn't show up in a screenshot but if you hover over the i icon next to Included monthly active organisations the text will confirm what I've stated
16 replies
KKinde
•Created by firemansam on 3/11/2025 in #💻┃support
multitenant multi org to single auth user setup
If there's only 1 MAU per org then that org isn't charged. It's only when it gets to 2 MAU per org that you get the charge.
16 replies
KKinde
•Created by firemansam on 3/11/2025 in #💻┃support
multitenant multi org to single auth user setup
I don't work for Kinde, so take my comments at face value. I'd suggest you go through their pricing page in detail. https://kinde.com/pricing/. Whilst they do give unlimited MAU, MAO, etc they only include a certain number of those for free in each pricing plan and charge for overages.
Depending on the number of API endpoints you have you'll also need to be careful of M2M tokens and make sure that your clients aren't burning tokens by being bad citizens as that too could cause overage charges for your clients which are doing things like creating a M2M token per request for instance.
I myself haven't looked at programmatically registering applications, but I believe Kinde's Management API basically supports anything that is available in the UI (although there are some small exceptions)
16 replies
KKinde
•Created by firemansam on 3/11/2025 in #💻┃support
multitenant multi org to single auth user setup
Sort of. I'm going to reply using Nuxt / Vue as that's what my stack is (on top of .NET). With Nuxt (and I assume any of the JavaScript SDKs) you can get a users organisations with something like:
const organisations = await event.context.kinde.getUserOrganizations();
See - https://docs.kinde.com/build/organizations/orgs-for-developers/.
Kinde does support the concept of a default organisation, but it is a default organisation across the entire business (i.e. your tenant). If you wanted something slightly different (e.g. the user has 3 standard orgs they belong to and you want to be able to define a default) then that's something you'd need to manage in your application logic.
Also, in Kinde from an auth perspective a user is only logged into one org at once. The user's permissions & roles are tied to their membership to the organisation, but you can flick between organisations without forcing the user to log in via Kinde's UX. You can do this by calling login, passing in the org_code and prompt=none.
In terms of customisation, I think Kinde has some capability in the not too distant future around workflows which might fit your use case. https://updates.kinde.com/board/build-your-own-workflows. I think there's a demo of it in #announcements16 replies
KKinde
•Created by __maxom__ on 2/23/2025 in #💻┃support
Access Token claims not updating after "Refresh User Claims and Invalidate Cache"
NP, best of luck
26 replies
KKinde
•Created by __maxom__ on 2/23/2025 in #💻┃support
Access Token claims not updating after "Refresh User Claims and Invalidate Cache"
No problem, also make sure taht the refresh claims call actually worked as well and didn't return an error. It could be a simple scope issue with the management API as well.
26 replies
KKinde
•Created by __maxom__ on 2/23/2025 in #💻┃support
Access Token claims not updating after "Refresh User Claims and Invalidate Cache"
Sorry, probably past my knowledge to help with further. The only thing I can think of is that it's possible that the React SDK is using a cached version of the access token (with the old credentials) and is not overwriting it.
For me, when I get Nuxt to do the redirct to login I do it outside of the SDK and just trigger it directly via Nuxt. I can't remember why I did that, I think largely because the Nuxt version of hte SDK isn't nearly as complete as the React one (likely due to popularity differences which is understandable)
26 replies
KKinde
•Created by __maxom__ on 2/23/2025 in #💻┃support
Access Token claims not updating after "Refresh User Claims and Invalidate Cache"
I'm not across the React SDK. Is
login() your method or Kinde's? Have you checked the network tab (assuming Chrome or Firefox) to see if the frontend is actually passing in the org code when it redirects to Kinde?26 replies
KKinde
•Created by __maxom__ on 2/23/2025 in #💻┃support
Access Token claims not updating after "Refresh User Claims and Invalidate Cache"
@maxom If the org code is coming back from your backend, and you are successfully calling
refreshUserClaims() then it's probably the frontend that needs to be looked at. Or it's a bug in the SDKs. I have the exact scenario you are describing working correctly as it's my onboarding flow for two different personas (same flow, but different roles / orgs), but I'm using Nuxt / Vue (frontend) and .NET (backend) so my tech stack and thus Kinde SDKs are different.
For me I:
- Have the user sign up (Nuxt) via Kinde's default registration flow
- After successful registration I get my backend (.NET) to assign or create an org, and assign roles. I then call refreshUserClaims() .NET using Kinde's Management API
- After this API call to my backend Nuxt will get the user to log in again using the approach detailed in my original response to this support issue.
- For me, it will work. I was hitting the issue you were describing, but that was before I did the login with the org code. So if I was troubleshooting this myself, I'd be making sure that the frontend is actually calling Kinde with the org_code.26 replies
KKinde
•Created by __maxom__ on 2/23/2025 in #💻┃support
Access Token claims not updating after "Refresh User Claims and Invalidate Cache"
Did you pass in the orgCode for the newly created Org when loggin the user in again?
26 replies
KKinde
•Created by __maxom__ on 2/23/2025 in #💻┃support
Access Token claims not updating after "Refresh User Claims and Invalidate Cache"
It will be slightly different in React and it's possible that they may have already implemented a
switchOrg helper as mentioned by Daniel in the GitHub issue26 replies
KKinde
•Created by __maxom__ on 2/23/2025 in #💻┃support
Access Token claims not updating after "Refresh User Claims and Invalidate Cache"
Hi, this thread might help you:
https://discord.com/channels/1070212618549219328/1320557296593403904/1320557296593403904
Or this GitHub issue - https://github.com/kinde-oss/kinde-typescript-sdk/issues/63
I suspect what you need to do is log the user in with an org-code (no need to log them out) and if you use prompt = none then they won't visually see the Kinde UI (assuming they have a valid session)
26 replies
KKinde
•Created by Fritz on 2/11/2025 in #💻┃support
Microsoft AD email domain issue (resolved)
9 replies
KKinde
•Created by Mert Efe Cerit on 1/28/2025 in #💻┃support
Nuxt + Kinde Module Logic Problems
Not sure sorry, it was just a stab in the dark. It's not a behaviour I currently need for my app (I'm happy to use refresh tokens). But I'll keep an eye on this thread as it's a problem I may face in the future. I'm not sure what the Kinde log messages refer to, might need Kinde to respond on that count.
It might be a 'bug' or deliberate behaviour where the refresh token (and auth token) have expired, but Kinde's session (the one associated with the Kinde domain, not your web application) is still active and valid, thus issues another auth token without requiring sign in. I.e. from a JWT perspective it's working as expected. However, Kinde's login flow on the UI isn't tied to the token configuration.
I don't see a way in Kinde to turn off persistent sessions (E.g. in many auth experiences there is a checkbox to say if you want to stay signed in or not,) as this looks to be the default behaviour.
18 replies
KKinde
•Created by Mert Efe Cerit on 1/28/2025 in #💻┃support
Nuxt + Kinde Module Logic Problems
You can configure tokens inside the 'Application' that users use to authenticate with in the Tokens section. https://docs.kinde.com/build/tokens/configure-tokens/
18 replies
KKinde
•Created by Mert Efe Cerit on 1/28/2025 in #💻┃support
Nuxt + Kinde Module Logic Problems
@Mert Efe Cerit could it be your token configuration? I'm not sure how to 'turn off' refresh tokens. But I suspect what is happening is that the user still has a refresh token so Kinde is implicitly refreshing the access token.
Maybe try setting the refresh token expiry to 0 or -1 and see what Kinde does?
18 replies
KKinde
•Created by cspok on 1/23/2025 in #💻┃support
Kinde with Nuxt & Supabase
You can access certain details that come through from Nuxt (server) on the client like whether or not the user is authenticated and their basic profile information (name, avatar, etc) though.
4 replies
KKinde
•Created by cspok on 1/23/2025 in #💻┃support
Kinde with Nuxt & Supabase
Hey cspok. I'm using Nuxt, but I am using SSR and sending the access token to my .NET backend. I'm also more of a .NET developer so this is my first time using Nuxt.
I do not believe you can get the access token on the client. The cookie that Kinde uses is HTTP only, and looking at both their documentation and code it doesn't look like it is accessible anywhere client side. Which makes sense from a security standpoint.
Looking at their docs I would say the intention is for the Nuxt SDK to be used on the backend. https://docs.kinde.com/developer-tools/about/our-sdks/
You'll probably need to use one of their frontend SDKs to do auth so that the frontend can access the auth token using one of the less secure OAuth 2.0 flows. (IIRC the backend uses code flow)
4 replies