ev_kinde
KKinde
•Created by dachsteinhustler on 10/14/2024 in #💻┃support
what are the rate limits of SSO providers when using the Kinde credentials?
@dachsteinhustler it's better when you create the applications you own for multiple reasons:
- in case Kinde-provided application stops working for some reason (banned by the provider for example), your users will not be able to authenticate until we fix it on Kinde's side. With your own application, not only the risk of this happening is smaller, you are also in the full control of any visual customizations the provider gives you. One of those, for Google for example, you'll see your application's logo and the domain instead of kinde.com.
- another reason, for Apple for example, if you use Kinde-provided application, you wouldn't be able to migrate users from Kinde app to your app, as Apple just doesn't provide this as an option for the subset of users.
Rate limiting doesn't change depending if it's your application or Kinde provided it, the only change is risk that you are decreasing by creating your own apps.
7 replies
KKinde
•Created by Marcos Knopp on 8/22/2024 in #💻┃support
Problems getting a new refreshToken
@Marcos Knopp you will get the same access token, until it expires. Kinde maintains the active OIDC session, rather then maintaining the freshness of the data for each refresh token. This aligns closer to the OIDC standard specifying the token claims should be quite static during the active session.
You have 2 options to influence this behavior:
1. chane the access token TTL in settings to lower TTL, which make the token shorter-lived as a compromise
2. use the refresh claims API endpoint after any major modificastions to the user you'd like to be included during the next token refresh. This will force the next refresh to update the access token with the current user data (https://kinde.com/api/docs/#refresh-user-claims-and-invalidate-cache)
7 replies
KKinde
•Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
@jamie the golang SDK is in a non-shareable state yet, which parts are you interested in contributing to?
37 replies
KKinde
•Created by bozo on 3/19/2024 in #💻┃support
Language on default layout
Just to make sure, are the necessary languages enabled in the Kinde configuration? It is not going to switch if the language is not enabled.
20 replies
KKinde
•Created by Pablo More on 3/20/2024 in #💻┃support
Personal account and organizations
This is an interesting question @Pablo More, is this something like a concept of a primary organization for a user?
5 replies
KKinde
•Created by internetjohnny on 12/23/2023 in #💻┃support
Dangerous Site Warning using custom subdomain
We've seen this before when an antivirus substituted the certificate on the local machine.
Technically antivirus becomes a man-in-the-middle in order to scan unencrypted traffic. Could you check the details of the certificate? The issuer should be
Let's Encrypt, issued to your sub-domain.11 replies
KKinde
•Created by internetjohnny on 12/20/2023 in #💻┃support
Generating Access Tokens
For the long-running user sessions, you could use refresh tokens with the offline scope. https://kinde.com/docs/developer-tools/refresh-tokens/
11 replies
KKinde
•Created by internetjohnny on 12/20/2023 in #💻┃support
Generating Access Tokens
The access tokens generated via the client credentials are machine-to-machine tokens and won’t include the user subject. I’m not sure what you are after, but include the user part as well. For API authorization on user’s behalf, you’d need to register and enable the API in Kinde UI, then request the API’s audience as one of the auth parameters. This will include the API audience into the user token, which you can validate in you APIs.
11 replies
KKinde
•Created by internetjohnny on 12/17/2023 in #💻┃support
Difference between M2M API and Back-end API
You can use backend app to interact with the Kinde API, you only need to enable the API in settings. M2M app is optional, in case you would want separation, or pure machine-to-machine setup.
8 replies