onderay Comments - Answer Overflow

onderay

Posts Comments

KKinde

•Created by tommyhodev on 7/2/2024 in #💻┃support

Custom Domain is not working

Awesome to hear you got a solution! And thanks for the doc feedback, I will find a way to get it added

8 replies

KKinde

•Created by hemanth sai on 7/4/2024 in #💻┃support

Support OAuth scope specific to org/work space

It sounds like a use case for our Connected app functionality. Unfortunately, we don't yet have those scopes. What timeline are you working towards? https://docs.kinde.com/integrate/connected-apps/add-connected-apps/

3 replies

KKinde

•Created by sieben on 7/4/2024 in #💻┃support

Missing methods on PHP SDK storage

If you are encountering a "method not found" error, it could be due to a few reasons: SDK Version: Ensure that you have the latest version of the Kinde PHP SDK installed. You can update the SDK using Composer with the following command:

composer update kinde-oss/kinde-auth-php

composer update kinde-oss/kinde-auth-php

Namespace and Class: Make sure you are correctly using the namespace and class. Your code should look something like this:

use Kinde\KindeSDK\Sdk\Storage\Storage;

   $storage = Storage::getInstance();
   $storage->setCookiePath('/');

use Kinde\KindeSDK\Sdk\Storage\Storage;

   $storage = Storage::getInstance();
   $storage->setCookiePath('/');

Installation Verification: Verify that the SDK is correctly installed and autoloaded. Check your composer.json file to ensure it includes the Kinde SDK:

   "require": {
       "kinde-oss/kinde-auth-php": "*"
   }

   "require": {
       "kinde-oss/kinde-auth-php": "*"
   }

If you have verified all the above and the issue persists, let me know

2 replies

KKinde

•Created by WiESA on 7/3/2024 in #💻┃support

Refreshing token not working on Safari (iPhone)

I can confirm Kinde currently doesn't yet support maintaining sessions across devices. It is on our roadmap, but doesnt have a timing yet

4 replies

KKinde

•Created by DavidF9265 on 6/30/2024 in #💻┃support

Why do i keep on getting invalid credetianls log?

Got it, we will look into it now

17 replies

KKinde

•Created by DavidF9265 on 6/30/2024 in #💻┃support

Why do i keep on getting invalid credetianls log?

Separate Credentials for Management API: make sure you have separate credentials for it. The KINDE_MANAGEMENT_CLIENT_ID and KINDE_MANAGEMENT_CLIENT_SECRET should be configured separately from your main application credentials.

17 replies

KKinde

•Created by DavidF9265 on 6/30/2024 in #💻┃support

Why do i keep on getting invalid credetianls log?

Are you able to share your code for these parts? Of course, anonymize any private information, so we can see how you have things setup

17 replies

KKinde

•Created by tommyhodev on 7/2/2024 in #💻┃support

Custom Domain is not working

Are you able to double check the following for us? Update Your Application Configuration: Make sure your application is configured to use the custom domain. This includes updating the environment variables and any relevant configuration files. Set Callback and Redirect URLs: Ensure that the callback and logout redirect URLs in your Kinde settings are updated to use your custom domain. This can be done in the Kinde dashboard under Settings > Applications > [your app] > View details. Check Your NextJS Configuration: Verify that your next.config.js and .env files are correctly set up to use the custom domain. For example, your next.config.js should include:

    
    const nextConfig = {
      env: {
        KINDE_SITE_URL: process.env.KINDE_SITE_URL ?? `https://${process.env.VERCEL_URL}`,
        KINDE_POST_LOGOUT_REDIRECT_URL: process.env.KINDE_POST_LOGOUT_REDIRECT_URL ?? `https://${process.env.VERCEL_URL}`,
        KINDE_POST_LOGIN_REDIRECT_URL: process.env.KINDE_POST_LOGIN_REDIRECT_URL ?? `https://${process.env.VERCEL_URL}/dashboard`
      }
    };
    module.exports = nextConfig;

    
    const nextConfig = {
      env: {
        KINDE_SITE_URL: process.env.KINDE_SITE_URL ?? `https://${process.env.VERCEL_URL}`,
        KINDE_POST_LOGOUT_REDIRECT_URL: process.env.KINDE_POST_LOGOUT_REDIRECT_URL ?? `https://${process.env.VERCEL_URL}`,
        KINDE_POST_LOGIN_REDIRECT_URL: process.env.KINDE_POST_LOGIN_REDIRECT_URL ?? `https://${process.env.VERCEL_URL}/dashboard`
      }
    };
    module.exports = nextConfig;

8 replies

KKinde

•Created by IkiTg07 on 7/2/2024 in #💻┃support

Signup isn't working anymore

1. Have you setup French in the auth page designer? Are you passing the language in the auth url? https://docs.kinde.com/design/pages/internationalization/#how-kinde-displays-languages 2. @Daniel_Kinde was asking about if you have the Social SSO enabled on your application in Kinde https://docs.kinde.com/authenticate/authentication-methods/set-up-user-authentication/#switch-on-social-authentication 3. Are you using the Kinde hosted Auth pages or are bring along your own custom pages? https://docs.kinde.com/authenticate/custom-configurations/custom-authentication-pages/#custom-sign-in-for-social-authentication

8 replies

KKinde

•Created by WiESA on 7/3/2024 in #💻┃support

Refreshing token not working on Safari (iPhone)

I will triple check with the team, but from my knowledge sessions are not carried across devices. However, Kinde supports shared authenticated sessions across applications running on separate subdomains, which can help in scenarios where you want to maintain a session across different apps or subdomains on the same device.

4 replies

KKinde

•Created by skywalker-kiwi#02131 on 7/1/2024 in #💻┃support

Webhook Validation

Let me know this helps you with what you are seeing

8 replies

KKinde

•Created by skywalker-kiwi#02131 on 7/1/2024 in #💻┃support

Webhook Validation

Thanks for providing all the details. It looks like you are encountering a 403 status code, which indicates that the credentials provided are invalid. Are you able to double the following items? Invalid Access Token: Ensure that the access token you are using is valid and has not expired. The token should be a valid bearer token with the necessary permissions to access the /api/v1/events/{event_id} endpoint. Incorrect Token Usage: The token used for the Authorization header should be a valid access token obtained through the proper authentication flow, not the encoded JWT from the webhook payload. The JWT from the webhook payload is used to verify the authenticity of the webhook request, not for API authentication. Scope and Permissions: Verify that the access token has the correct scopes and permissions to access the event details. You might need to check the permissions associated with the token. Here is a revised version of your method, ensuring that the access token is correctly used for the API call:

public async Task<bool> ValidateWebhook(string eventId, DateTime timestamp, string accessToken, CancellationToken cToken = default)
{
  try
  {
      ArgumentNullException.ThrowIfNullOrEmpty(nameof(eventId));
      ArgumentNullException.ThrowIfNull(nameof(timestamp));

      string endpoint = $"api/v1/events/{eventId}";
      string domain = _kindeSettings.Domain;

      string absoluteUrl = $"{domain}/{endpoint}";
      bool uriIsValid = Uri.TryCreate(absoluteUrl, UriKind.Absolute, out Uri uri);
      if (!uriIsValid) throw new Exception("The uri is not valid");
      using (HttpClient client = new HttpClient())
      {
          HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri);
          request.Headers.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
          request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken);
          cToken.ThrowIfCancellationRequested();

          HttpResponseMessage message = await client.SendAsync(request, cToken);
          if (message.StatusCode == System.Net.HttpStatusCode.Forbidden)
          {
              throw new Exception("Access forbidden: Invalid credentials or insufficient permissions.");
          }
          message.EnsureSuccessStatusCode();
      }
      return true; //not yet finished
  }
  catch(Exception ex)
  {
      _logger.LogError(ex, ex.Message);
      throw;
  }
}

public async Task<bool> ValidateWebhook(string eventId, DateTime timestamp, string accessToken, CancellationToken cToken = default)
{
  try
  {
      ArgumentNullException.ThrowIfNullOrEmpty(nameof(eventId));
      ArgumentNullException.ThrowIfNull(nameof(timestamp));

      string endpoint = $"api/v1/events/{eventId}";
      string domain = _kindeSettings.Domain;

      string absoluteUrl = $"{domain}/{endpoint}";
      bool uriIsValid = Uri.TryCreate(absoluteUrl, UriKind.Absolute, out Uri uri);
      if (!uriIsValid) throw new Exception("The uri is not valid");
      using (HttpClient client = new HttpClient())
      {
          HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri);
          request.Headers.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
          request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken);
          cToken.ThrowIfCancellationRequested();

          HttpResponseMessage message = await client.SendAsync(request, cToken);
          if (message.StatusCode == System.Net.HttpStatusCode.Forbidden)
          {
              throw new Exception("Access forbidden: Invalid credentials or insufficient permissions.");
          }
          message.EnsureSuccessStatusCode();
      }
      return true; //not yet finished
  }
  catch(Exception ex)
  {
      _logger.LogError(ex, ex.Message);
      throw;
  }
}

8 replies

KKinde

•Created by DavidF9265 on 6/30/2024 in #💻┃support

Why do i keep on getting invalid credetianls log?

Sorry to hear that you cant get the Management API to work for you in Production. What Kinde SDKs are you using? Are the credentials for the API seperate from the main app credentials? More an FYI but we have API SDK now that we are slowly phasing in https://github.com/kinde-oss/management-api-js

17 replies

KKinde

•Created by Francisco "Klogan" Barros on 6/30/2024 in #💻┃support

[react-sdk][react-native-sdk (expo)] recommendation for integration testing mocks

Thanks for providing the details about how you are blocked; I am going to get one of the team who is very familiar with those SDKs to jump in. Are both of your questions related to you setting up end to end testing?

5 replies

KKinde

•Created by Northerncoder on 6/25/2024 in #💻┃support

satellite domains

Would the user then be redirected back to your customer's custom domain or your product root domain?

11 replies

KKinde

•Created by Northerncoder on 6/25/2024 in #💻┃support

satellite domains

We are typically seeing this feature requested by B2B products with high ACV, where they are looking at on selling this whitelabel feature.

11 replies

KKinde

•Created by Mehanika on 2/22/2024 in #💻┃support

Invite users to Kinde (and organization) through the API

We don't have a timeline for it yet, but the team is working on some parallel functionality that we are aiming to roll out around Oct.

7 replies

KKinde

•Created by 夏天夏 on 5/22/2024 in #💻┃support

Email verification is required for every Twitter login

@riteshreg @夏天夏 the thinks there may of been a change on the X SSO side, they have made changes before without warning. So will look into this week and get it fixed up

6 replies

KKinde

•Created by Daniel237 on 6/7/2024 in #💻┃support

Authentication flow: Received : key | Expected: State not found

Mmmm, ok, I will get a more experienced team member to help with this

34 replies

KKinde

•Created by Tigerr on 6/23/2024 in #💻┃support

Redirect User Not Found to request access page

The below instructions could help you, but not 100% sure if you can redirect it to the request access page. Create an API route to get the Kinde session data:

// app/api/kindeSession/route.ts
import { getKindeServerSession } from "@kinde-oss/kinde-auth-nextjs/server";
import { NextResponse } from "next/server";

export async function GET() {
  const { getUser, isAuthenticated } = getKindeServerSession();

  if (!(await isAuthenticated())) {
    return new Response("Unauthorized", { status: 401 });
  }

  const user = await getUser();
  return NextResponse.json({ user });
}

// app/api/kindeSession/route.ts
import { getKindeServerSession } from "@kinde-oss/kinde-auth-nextjs/server";
import { NextResponse } from "next/server";

export async function GET() {
  const { getUser, isAuthenticated } = getKindeServerSession();

  if (!(await isAuthenticated())) {
    return new Response("Unauthorized", { status: 401 });
  }

  const user = await getUser();
  return NextResponse.json({ user });
}

Fetch the session data in your client component and handle the redirection:

// some client component
"use client";

import { useEffect, useState } from "react";
import { useRouter } from "next/router";

export default function ProtectedPage() {
  const [user, setUser] = useState(null);
  const [authStatus, setAuthStatus] = useState(null);
  const router = useRouter();

  useEffect(() => {
    const getKindeSession = async () => {
      const res = await fetch("/api/kindeSession");
      if (res.status === 401) {
        router.push("/api/auth/login");
      } else {
        const data = await res.json();
        setUser(data.user);
        setAuthStatus(true);
      }
    };

    getKindeSession();
  }, [router]);

  if (!authStatus) {
    return <div>Loading...</div>;
  }

  return <div>Protected content</div>;
}

// some client component
"use client";

import { useEffect, useState } from "react";
import { useRouter } from "next/router";

export default function ProtectedPage() {
  const [user, setUser] = useState(null);
  const [authStatus, setAuthStatus] = useState(null);
  const router = useRouter();

  useEffect(() => {
    const getKindeSession = async () => {
      const res = await fetch("/api/kindeSession");
      if (res.status === 401) {
        router.push("/api/auth/login");
      } else {
        const data = await res.json();
        setUser(data.user);
        setAuthStatus(true);
      }
    };

    getKindeSession();
  }, [router]);

  if (!authStatus) {
    return <div>Loading...</div>;
  }

  return <div>Protected content</div>;
}

In this example, the API route checks if the user is authenticated using getKindeServerSession. If the user is not authenticated, it returns a 401 status. The client component fetches this data and redirects the user to the login page if they are not authenticated. Here is perfectly fine, and it's our Monday morning for most of the team, so we are ready to help.

10 replies

Gaming

Programming