ev_kinde
KKinde
•Created by __maxom__ on 3/1/2025 in #💻┃support
Adding an existing Kinde user to a new organisation
Not really, I'm assuming your application operates based on the email addresses, while Kinde operates based on the unique user IDs. I was referring to the way of getting that user ID.
93 replies
•Created by __maxom__ on 3/1/2025 in #💻┃support
Adding an existing Kinde user to a new organisation
The access token will also include the currently authorized organization code and the user permissions assigned to the user related to that organization
93 replies
•Created by __maxom__ on 3/1/2025 in #💻┃support
Adding an existing Kinde user to a new organisation
The access token includes the `sub` claim, which will be the Kinde user ID, you could see an example in the JWT decoder https://kinde.com/tools/online-jwt-decoder/
Our SDKs contain helper methods on getting information from the tokens.
93 replies
•Created by __maxom__ on 3/1/2025 in #💻┃support
Adding an existing Kinde user to a new organisation
A sidenote, it's possible to directly switch an active user session between organizations without re-authenticating or showing the organization switcher, you'd need to provide the `org_code` and if the user is already authenticated, Kinde will switch their session and tokens to the new organization (doc https://docs.kinde.com/authenticate/manage-authentication/navigate-between-organizations/)
93 replies
•Created by __maxom__ on 3/1/2025 in #💻┃support
Adding an existing Kinde user to a new organisation
Yes, that's correct, the other option is you could record Kinde user IDs in the database and know which user to add to an organization right away without calling the API.
93 replies
•Created by __maxom__ on 3/1/2025 in #💻┃support
Adding an existing Kinde user to a new organisation
Generally speaking Kinde operates with user ID as a unique identifier, as emails could change and are not very reliable as IDs. When you call the API to create a user and an existing user with the same email identity already exists, you'd get an error back.
Kinde doesn't yet have a hosted user invite flow, it needs to be done via the API at the moment.
93 replies
•Created by __maxom__ on 3/1/2025 in #💻┃support
Adding an existing Kinde user to a new organisation
It is possible to filter users by email address via the API, here's the endpoint
https://docs.kinde.com/kinde-apis/management/#tag/users/get/api/v1/users
93 replies
•Created by __maxom__ on 3/1/2025 in #💻┃support
Adding an existing Kinde user to a new organisation
Hi @maxom, I'm catching up on your use-case, let me describe the data model Kinde uses to manage multi-tenancy first.
In Kinde a user has a primary ID, starting with `kp_`, which is unique across your environment.
A user can be associated with zero to many identities, which are used for authentication. As an example, user A can have an email identity and a Google social identity associated with them. Both those identities are uniquely identifying the user and cannot be attached to any other users.
Then a user could belong to zero up to many organizations, which control multi-tenancy and user authorization.
When you are referring to creating a user in the organization, it's more like adding an existing user to an organization.
Ideally, you would have a record of the Kinde user ID in the database, and when inviting you could add that user to a separate organization.
93 replies
•Created by ImJay on 1/18/2025 in #💻┃support
504 Errors
We identified an issue and deployed the fix, please notify us if you see any unwarranted error codes. We are monitoring for any re-occurrences.
12 replies
•Created by ImJay on 1/18/2025 in #💻┃support
504 Errors
We are investigating the issues with 504 errors, will keep updating.
12 replies
•Created by dachsteinhustler on 10/14/2024 in #💻┃support
what are the rate limits of SSO providers when using the Kinde credentials?
@dachsteinhustler it's better when you create the applications you own for multiple reasons:
- in case the Kinde-provided application stops working for some reason (banned by the provider for example), your users will not be able to authenticate until we fix it on Kinde's side. With your own application, not only is the risk of this happening smaller, you are also in full control of any visual customizations the provider gives you. One of those, for Google for example, you'll see your application's logo and the domain instead of kinde.com.
- another reason, for Apple for example, if you use the Kinde-provided application, you wouldn't be able to migrate users from the Kinde app to your app, as Apple just doesn't provide this as an option for the subset of users.
Rate limiting doesn't change depending on whether it's your application or Kinde provided it, the only change is the risk that you are decreasing by creating your own apps.
7 replies
•Created by Marcos Knopp on 8/22/2024 in #💻┃support
Problems getting a new refreshToken
@Marcos Knopp you will get the same access token, until it expires. Kinde maintains the active OIDC session, rather than maintaining the freshness of the data for each refresh token. This aligns closer to the OIDC standard specifying the token claims should be quite static during the active session.
You have 2 options to influence this behavior:
1. change the access token TTL in settings to a lower TTL, which makes the token shorter-lived as a compromise
2. use the refresh claims API endpoint after any major modifications to the user you'd like to be included during the next token refresh. This will force the next refresh to update the access token with the current user data (https://kinde.com/api/docs/#refresh-user-claims-and-invalidate-cache)
7 replies
•Created by jamie on 3/29/2024 in #💻┃support
Unable to make a POST request to retrieve a token with `grant_type` of `authorization_code`
@jamie the golang SDK is in a non-shareable state yet, which parts are you interested in contributing to?
37 replies
•Created by bozo on 3/19/2024 in #💻┃support
Language on default layout
Just to make sure, are the necessary languages enabled in the Kinde configuration? It is not going to switch if the language is not enabled.
20 replies
•Created by Pablo More on 3/20/2024 in #💻┃support
Personal account and organizations
This is an interesting question @Pablo More, is this something like a concept of a primary organization for a user?
5 replies
•Created by internetjohnny on 12/23/2023 in #💻┃support
Dangerous Site Warning using custom subdomain
We've seen this before when an antivirus substituted the certificate on the local machine.
Technically antivirus becomes a man-in-the-middle in order to scan unencrypted traffic. Could you check the details of the certificate? The issuer should be `Let's Encrypt`, issued to your sub-domain.
11 replies
•Created by internetjohnny on 12/20/2023 in #💻┃support
Generating Access Tokens
For the long-running user sessions, you could use refresh tokens with the offline scope. https://kinde.com/docs/developer-tools/refresh-tokens/
11 replies
•Created by internetjohnny on 12/20/2023 in #💻┃support
Generating Access Tokens
The access tokens generated via the client credentials are machine-to-machine tokens and won’t include the user subject. I’m not sure what you are after, but include the user part as well. For API authorization on user’s behalf, you’d need to register and enable the API in Kinde UI, then request the API’s audience as one of the auth parameters. This will include the API audience into the user token, which you can validate in your APIs.
11 replies
•Created by internetjohnny on 12/17/2023 in #💻┃support
Difference between M2M API and Back-end API
You can use backend app to interact with the Kinde API, you only need to enable the API in settings. M2M app is optional, in case you would want separation, or pure machine-to-machine setup.
8 replies