sudhanshug
Explore posts from serversKKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
/oauth2/token is the refresh endpoint
53 replies
KKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
I am not sure about this – but there is definitely some erratic behaviour
53 replies
KKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
weirdly, this only seems to happen when the access token has expired.
53 replies
KKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
looks like the new id token's
auth_time is equal to iat53 replies
KKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
token refresh fails as a result of this when using the
oidc-client-ts js lib53 replies
KKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
Kinde's openid implementation seems to be incorrect.
When I use refresh token with
/oauth2/token endpoint, it generates a new id_token whose auth_time is not the same as the original id token.
https://arc.net/l/quote/oruyybpi53 replies
KKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
53 replies
KKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
Okay. I know how I can verify and decode the token.
But how will I get all the goodies then like middleware, feature flags, orgs etc.
53 replies
KKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
Ok thanks.
Re: next js sdk returning 401
Can you please confirm for me that your nextjs sdk automatically reads the Authorization Bearer token and correctly authenticates the request?
Asking because when I read your codebase, it seemed to rely on the cookie solely and did not seem to read Authorization header at all.
53 replies
KKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
if I am getting this right, the nextjs sdk hits the kinde server on every request to a protected resource?
53 replies
KKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
Can I get an update on this. Kind of important
53 replies
KKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
if you are, please point me to it
53 replies
KKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
I went through your nextjs sdk, I dont think this is secure https://github.com/kinde-oss/kinde-auth-nextjs/blob/main/src/utils/pageRouter/isTokenValid.js#L4
It seems that you are not verifying the signature of the jwt
53 replies
KKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
@Oli - Kinde, the ENVs are correctly set up
53 replies
KKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
53 replies
KKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
53 replies
KKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
Here is a gist I created with a working OAuth setup for chrome extension
53 replies
KKinde
•Created by sudhanshug on 1/22/2024 in #💻┃support
Can the PKCE access token be used to authenticate/authorize requests
Thanks!
53 replies