Ages
Ages
PostsComments
KKinde
Created by danslo on 1/31/2025 in #💻┃support
Some users are are reporting issues signing in.
Hi @danslo , do you still face the issue? In the meantime, please try this temporary workaround: - For users experiencing the error in Brave, temporarily disable Brave Shields for your application domain. Brave’s strict privacy settings can sometimes block essential scripts needed for the Kinde authentication flow. - The error log indicates that no entry point was found. As a temporary fix, add the attribute data-kinde-root to the main container element where the Kinde widget should mount. For example, update your HTML to include:
<div data-kinde-root> <!-- Your SPA content --> </div>
This should ensure the Kinde widget initializes correctly. Please let us know if these steps help or if you continue to experience issues. We’re here to assist further if needed.
13 replies
KKinde
Created by __maxom__ on 2/16/2025 in #💻┃support
Kinde Error:
Hi @maxom , Thanks for sharing the details! I see you're facing two key challenges with Tanstack Router and Kinde React SDK: 1. Redirecting to the Hosted Login Page Issue: Calling context.auth.login() inside beforeLoad causes errors, while a hardcoded URL works but breaks sign-in/sign-up. Solution: The SDK relies on OAuth/OpenID Connect, requiring redirection to the hosted login page. Since hooks like useKindeAuth() must be used inside components, wrap protected routes in an <AuthGuard> component to handle authentication properly. 2. Custom Login (Bypassing Hosted Page) Issue: You want a login(email, password) function to authenticate directly. Solution: The SDK doesn’t support direct email/password login. To fully customize authentication, interact with Kinde’s API manually, handling token exchanges and security. Next Steps Use an <AuthGuard> component for authentication checks. For a fully custom login, implement OAuth manually via Kinde’s API. Let me know if you need more guidance
33 replies
KKinde
Created by Tito on 2/25/2025 in #💻┃support
<appname> Wants to Use "kinde.com" to Sign In popup in ios expo
Hi @Tito , Thanks for reaching out with your question. Currently, due to Apple's OAuth requirements, the in-app browser will display the authorization domain (by default, "kinde.com") when initiating the sign-in flow. This is expected behavior for iOS. If you’d prefer to have your own domain shown instead, you can configure a custom domain. We’ve documented the process for pointing your domain to Kinde here: https://docs.kinde.com/build/domains/pointing-your-domain/ Regarding a native flow using Google or Apple sign-in with a subsequent token exchange via our API, that option is indeed available. Please note that some advanced configurations, including native flows, may require an enterprise plan. Let me know if you have any other questions—I’m happy to help
7 replies
KKinde
Created by Chris on 2/6/2025 in #💻┃support
How are people using Hasura?
Hi @Chris Thanks for reach out. Just to clarify—are you asking about the value Kinde adds specifically for Hasura, or more generally about Hasura's use cases? Kinde simplifies authentication by formatting JWTs for Hasura, but if you're looking for additional benefits, could you share more about your specific use case?
4 replies
KKinde
Created by Chepe on 7/31/2024 in #💻┃support
React Native Expo-secure-storage
Hi @Tito , It sounds like you’ve pinpointed a potential issue with the redirect URI configuration in the @kinde/expo package. Specifically, if the redirect URI is generated as something like myappscheme:// without a proper path (or with a default that doesn't match your expectations), it might not trigger the authorization check when the in-app browser closes. Could you try explicitly setting it to include the /login path (e.g., generating something like myappscheme://login) and let us know if that makes a difference? Additionally, any extra details on how you’re triggering the redirect—such as your build configuration or any specific steps—would be really helpful for us to further diagnose the issue.
22 replies
KKinde
Created by Daniel on 2/13/2025 in #💻┃support
Protect Next.js API Routes?
Hi Daniel, Thanks for reaching out. I took a look at your middleware, and I noticed you’re manually verifying the JWT using your Kinde client secret. Our access tokens are typically signed using an asymmetric algorithm (RS256), which means they’re verified using a public key (accessible via our JWKS endpoint), not the client secret. This mismatch is often why you see the "Unauthorized: Invalid token" error when testing via Postman. To resolve this, you have a couple of options: • Use our built‐in Next.js authentication helpers (like withAuth) for API routes, which handle token verification (including fetching the correct public keys) automatically. • If you need custom JWT validation, consider using a library such as jwks‑rsa to fetch the JWKS from your Kinde domain (e.g. https://<your_kinde_subdomain>.kinde.com/.well‑known/jwks) and verify the token’s signature accordingly. Could you please confirm if the token’s header indicates RS256? If so, updating your verification process should clear the issue. Let me know if you have any questions or need further assistance! For more details on token verification and access tokens, please refer to our documentation https://docs.kinde.com/build/tokens/about-access-tokens/ https://docs.kinde.com/developer-tools/about/using-kinde-without-an-sdk/
7 replies
KKinde
Created by WEe on 1/22/2025 in #💻┃support
401 when using request access form
Hi @WEe , Can you please confirm if you're experiencing this issue in your live environment? Also, could you let us know which domain you're using? This information will help us narrow down the issue.
31 replies
KKinde
Created by bifunctor on 1/27/2025 in #💻┃support
How to implement the token based authentication in GRPC interceptor with Python SDK?
Hi @bifunctor , Just following up—are you still facing this issue? Have you had a chance to try the suggested approach? If you have any questions or need further assistance, let us know. Otherwise, we’ll close this query for now.
3 replies
KKinde
Created by Dave on 1/27/2025 in #💻┃support
Pass custom parameters through authUrlParams
Hi @Dave , Just checking in—are you still experiencing this issue? Have you had a chance to try the suggested steps? If you have any questions or need further assistance, let us know. Otherwise, we’ll go ahead and close this query for now.
5 replies
KKinde
Created by Tito on 2/3/2025 in #💻┃support
Authenticating API calls with Kinde
Hi @Tito , Thank you for reaching out. To ensure that your API calls are authenticated correctly, it's essential to include the appropriate audience parameter when initializing the Kinde SDK in your React Native application. This audience parameter specifies the intended recipient of the token, typically your backend API. In your React Native application, when setting up the Kinde SDK, include the audience parameter in the configuration. Here's an example of how to do this:
import { KindeSDK } from '@kinde-oss/react-native-sdk-0-7x'; const client = new KindeSDK( 'YOUR_KINDE_DOMAIN', 'YOUR_REDIRECT_URI', 'YOUR_CLIENT_ID', 'YOUR_POST_LOGOUT_REDIRECT_URI', 'profile email openid', { audience: 'https://yourapi.example.com', } ); export default client;
Ensure that the audience value matches the Audience URL you specified when registering your API in the Kinde dashboard. https://docs.kinde.com/developer-tools/sdks/native/expo-react-native After initializing the SDK and obtaining the access token, include it in the Authorization header of your HTTP requests from the React Native app to your Next.js backend. Example:
const response = await fetch('https://yourapi.example.com/endpoint', { method: 'GET', headers: { Authorization: Bearer ${accessToken}, }, });
On your Next.js backend, validate the incoming token to ensure it's valid and has the correct audience claim. Additional Considerations: - Ensure that you're using a compatible version of the Kinde React Native SDK with your Expo setup. https://docs.kinde.com/developer-tools/sdks/native/react-native-sdk Token Validation: On your backend, verify the access token's aud claim to ensure it matches your API's audience identifier. This step is crucial for security to confirm that the token was intended for your API. If you encounter further issues or have additional questions, please don't hesitate to reach out
61 replies
KKinde
Created by yeswolf on 11/20/2024 in #💻┃support
unable to login using kinde on Android apk preview
Hello @Tito , It seems that the issue may be with the redirect handling after the in-app browser closes. Since the app is not entering the authorized state after a successful login, it’s likely that the redirect URI is not properly configured or the app isn’t catching the redirect intents as expected. - Make sure that your redirect URIs are correctly set in the Kinde Dashboard. This should match the URI scheme you've defined in your app.json. - Since the redirect isn’t being picked up correctly, ensure that your app.json includes the necessary setup for both Android and iOS. You might need to explicitly define the intentFilters for Android and update the iOS scheme. For Android, your app.json might look like this:
{ "expo": { "platforms": ["android"], "android": { "package": "com.yourapp", "intentFilters": [ { "action": "VIEW", "data": { "scheme": "your-app-scheme" } } ] }, "ios": { "bundleIdentifier": "com.yourapp", "config": { "appAuth": { "redirectUri": "your-app-scheme://redirect" } } } } }
This ensures that Android properly catches the redirect. - It might be helpful to ensure that the component checks for a valid authenticated state before rendering. You can implement a check to see if the user is already logged in, or whether the app should wait for the redirect before attempting to authenticate again. - After making these adjustments, test on a physical device and check the app logs for any error messages related to the redirect handling. Ensure that the authorization flow works smoothly from login through the redirect back to the app. If you're still encountering issues, feel free to share the specific logs or error details and your current setup. I’d be happy to escalate this to our engineering team for a deeper investigation.
120 replies
KKinde
Created by Mert Efe Cerit on 1/28/2025 in #💻┃support
Nuxt + Kinde Module Logic Problems
Hi @Mert Efe Cerit Thanks for providing the detailed explanation of the issue you're facing. I'd like to clarify the main issue you're encountering: - When the token expires, the user is redirected to the login page but is automatically logged in again without filling in any inputs. - Instead, you want the user to be redirected to the login page and required to fill in the relevant fields when the token expires. Could you also please confirm: - The version of the Kinde Nuxt module you're using? - Are there any specific configurations or customizations you've made to the Kinde module or Nuxt app? - Are you using any particular authentication flow (e.g., OAuth, OpenID Connect) in the app? This information will help us in debugging the issue more effectively. Let me know, and we'll take it from there
18 replies
KKinde
Created by Dave on 1/27/2025 in #💻┃support
Pass custom parameters through authUrlParams
Hi @Dave Thanks for the details. It looks like the mz_application_id isn't being passed correctly through the authUrlParams in <LoginLink>. Here's how to ensure it's included in the token: - Ensure mz_application_id is created and marked as public in Kinde. - Map it correctly in the token customization settings to include it as a custom claim. - Use authUrlParams in the <LoginLink> component:
<LoginLink authUrlParams={{ mz_application_id: "123" }}>Sign in</LoginLink>
- Review token customization settings and use developer tools to check if mz_application_id is correctly included. - If using React, Kinde's SDK allows passing custom parameters:
import { useKindeAuth } from '@kinde-oss/kinde-react'; function SignIn() { const { login } = useKindeAuth(); login({ authUrlParams: { mz_application_id: "123" } }); return <button onClick={handleLogin}>Sign in</button>; }
For more details, refer to https://docs.kinde.com/properties/work-with-properties/properties-in-tokens/ If the issue persists, let us know, and we’ll assist further
5 replies
KKinde
Created by yeswolf on 11/20/2024 in #💻┃support
unable to login using kinde on Android apk preview
Hello @Tito , Thank you for sharing the details. Here's a summary of the steps to resolve the issues: 'No discovery document' Error on Android: - Double-check Kinde settings (redirect URIs, client IDs). - Ensure proper network access for the Android simulator (try a physical device). - Simulators may have network restrictions; testing on a real device could help. More info: https://github.com/expo/expo/issues/9954. iOS Authentication Failure: - Verify client credentials in the Kinde dashboard. - Ensure the authentication method is supported (the @kinde-oss/react-native-sdk-0-7x might not work with Expo due to dependencies like react-native-keychain). More info: https://community.kinde.com/kindeoss-reactnativesdk07x-android-browser-compatibility-issue-g3mlYqMd1sNl. Dependency Issues with @kinde-oss/expo: - Ensure correct versions of @expo/config-plugins to avoid compatibility issues. Next Steps: - Review Kinde SDK docs for proper setup: https://docs.kinde.com/developer-tools/sdks/native/expo-react-native. - Check the GitHub repo for related issues or open a new one: https://github.com/kinde-oss/expo. Feel free to share any logs or further details for more specific help.
120 replies
KKinde
Created by Neurath on 11/14/2024 in #💻┃support
Entra SSO
Hi @Neurath Thanks for reach out, It appears you're encountering an error during the OAuth 2.0 callback process, specifically when exchanging the authorization code for an access token. The error message indicates that the secrets for the social provider have expired. This typically means that the credentials (such as client secrets) used to authenticate with the social provider are no longer valid. Recommended Steps: - Log into your social provider's developer console (e.g., Google Developer Console, Facebook for Developers) and check the status of your application's credentials. - If the credentials have expired or are invalid, generate new ones. - Navigate to your Kinde dashboard. - Go to the social connection settings and update the credentials with the new ones obtained from your social provider. - After updating the credentials, test the authentication flow to ensure that the error is resolved. If the issue persists after updating the credentials, please provide more details about the error message or any logs that might help in diagnosing the problem.
13 replies
KKinde
Created by Derrick W on 11/13/2024 in #💻┃support
websockets
Hi Derrick, Thanks for reach out, just to clarify, are you specifically looking for a way to extract and validate the 'Kinde' cookie within the defineWebSocketHandler() function, or are you also considering other aspects of the WebSocket connection for user validation? Let me know if you'd like more details on the solution.
2 replies
KKinde
Created by bifunctor on 1/27/2025 in #💻┃support
How to implement the token based authentication in GRPC interceptor with Python SDK?
Hi @bifunctor Thanks for reach out. To implement token-based authentication in a gRPC server using Python, you can create a custom interceptor to validate bearer tokens. Here's a concise guide: - Define a class that inherits from grpc.ServerInterceptor and override the intercept_service method to handle authentication. - In the intercept_service method, extract the Authorization header from the request metadata. Ensure the token starts with "Bearer " and is followed by a valid JWT. - Use a JWT library to decode and verify the token's signature and claims. Ensure the token is not expired and contains the necessary claims. - If the token is missing, invalid, or expired, abort the request with a UNAUTHENTICATED status. - To test interceptor, you can use a gRPC client that includes a valid JWT in the Authorization header. Ensure the token is signed with the same secret key used in the interceptor. Note: - Replace 'HS256' and self.secret_key with the appropriate algorithm and secret key used in your application. - Ensure the jwt library is installed (pip install pyjwt). For more detailed information on implementing token-based authentication in gRPC with Python, refer to the gRPC Python examples and the Kinde Python SDK documentation. Let me know if you need help with this process or if there’s anything else I can assist with.
3 replies
KKinde
Created by Kenton on 1/27/2025 in #💻┃support
Is it possible to set or update user id before or after user creation
Hey @Kenton, Unfortunately, it's not possible to create a new user with the same Kinde user ID once it's deleted. Each user ID is unique and cannot be reused to avoid conflicts in the system. The best solution is to update all the references in your database where the old user ID was used and replace it with the new user ID. Let me know if you need help with this process or if there’s anything else I can assist with
5 replies
KKinde
Created by Neurath on 11/22/2024 in #💻┃support
Entra AD - How can I get AD group information?
Hi @Neurath , To ensure that Azure Active Directory (Entra ID) group information is included in your access tokens when using Kinde's custom login pages, please consider the following steps: - In your Entra ID application settings, enable group claims to be included in tokens. This ensures that group information is present in the tokens issued to your application. https://learn.microsoft.com/en-us/security/zero-trust/develop/configure-tokens-group-claims-app-roles - Ensure that your custom authentication flow uses the appropriate Kinde authentication endpoints. The discrepancy in group information may arise from differences in the endpoints used during authentication. https://docs.kinde.com/authenticate/custom-configurations/custom-authentication-pages By configuring group claims in Entra ID and aligning your custom authentication flow with Kinde's recommended endpoints, you should be able to retrieve the desired group information in your access tokens. Let me know how it goes.
23 replies
KKinde
Created by Stéphane on 11/13/2024 in #💻┃support
Trouble with SMS
Hi @Joey , Apologies for the delayed response. Kinde provides a limited number of SMS messages for testing purposes. To enable SMS authentication for your users, you need to integrate your own Twilio account with Kinde. https://docs.kinde.com/authenticate/authentication-methods/phone-authentication To ensure that your application is using your Twilio account for sending SMS messages: - In the Kinde dashboard, verify that your Twilio Account SID and Auth Token are correctly configured. - Log in to your Twilio console and navigate to the Usage section to view your SMS activity. If messages are being sent through your Twilio account, they should appear here. https://www.twilio.com/docs/usage/api/usage-record Twilio offers two primary services for sending SMS: Messaging Service: This service allows you to send SMS messages using your own logic and handle responses as needed. Verify Service: Designed specifically for phone number verification and two-factor authentication (2FA), this service manages the process of sending verification codes and validating them. https://www.twilio.com/code-exchange/sms-phone-verification For multi-factor authentication (MFA) purposes, it's recommended to use Twilio's Verify service, as it simplifies the implementation and enhances security. Next Steps: - Ensure that your Twilio credentials are correctly configured in Kinde. - Check your Twilio console to verify that SMS messages are being sent through your account. - For MFA, consider using Twilio's Verify service to streamline the verification process. If you have any further questions or need additional assistance, please don't hesitate to reach out
6 replies