Kinde · 7mo ago
Martin

Validating JWT tokens for non-OAuth mechanisms

Kinde supports non-OAuth mechanisms such as https://kinde.com/docs/authentication-and-access/azure/ (WS-Federation) and https://kinde.com/docs/authentication-and-access/custom-saml/. Does Kinde take care of authenticating these logins and then convert the result into a JWT, or does my application need to also worry about handling these other kinds of credentials? Basically, if I follow https://kinde.com/docs/developer-tools/verifying-json-web-tokens/, will I be able to validate logins for users that completed their login using one of these non-OAuth mechanisms?
1 Reply
Oli - Kinde · 7mo ago
Hi @Martin, thanks for asking all these questions. Keep the questions coming through.

After the user is authenticated, Kinde will issue a JWT (JSON Web Token) that your application can use. This means that even if the user logs in using one of these non-OAuth mechanisms, your application will still receive a JWT from Kinde.

So, if you follow the guide on Verifying JSON Web Tokens (https://kinde.com/docs/developer-tools/verifying-json-web-tokens/), you will be able to validate logins for users that completed their login using one of these non-OAuth mechanisms. The process of verifying the JWT remains the same, regardless of the authentication method used.

Remember, the JWT contains information about the user and can be used to make authenticated requests on behalf of the user. Always make sure to validate the JWT to confirm that the request is coming from an authenticated user.

Let me know if you have any other questions.
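A sketch of the verification the reply refers to, added here as an example; it is not part of the original thread and is not Kinde's own code. It assumes RS256-signed tokens. The throwaway key pair, the `https://issuer.example` issuer and the `signToken` and `demo` helpers are constructed stand-ins for the real issuer URL and its published public key.

```javascript
// Added example: RS256 JWT verification with Node's built-in crypto only.
const crypto = require('node:crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Constructed stand-in for the token issuer (hypothetical helper, demo only).
function signToken(claims, privateKey, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${enc(header)}.${enc(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Returns the claims when the token is valid; throws otherwise.
// Nothing here depends on how the user originally logged in.
function verifyToken(token, publicKey, issuer, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm instead of trusting the header ("none", HS256 confusion).
  if (dec(h).alg !== 'RS256') throw new Error('unexpected alg');
  const sigOk = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, 'base64url'));
  if (!sigOk) throw new Error('bad signature');
  const claims = dec(p); // parsed only after the signature checks out
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Runs the verifier over constructed tokens and reports each outcome.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const iss = 'https://issuer.example'; // placeholder issuer URL
  const now = 1700000000;               // fixed clock so results are repeatable
  const good = signToken({ iss, sub: 'user_123', exp: now + 300 }, privateKey);
  const [h, , s] = good.split('.');
  const outcome = (t) => {
    try { verifyToken(t, publicKey, iss, now); return 'ok'; } catch (e) { return e.message; }
  };
  return {
    valid: outcome(good),
    tampered: outcome(`${h}.${enc({ iss, sub: 'user_456', exp: now + 300 })}.${s}`),
    algNone: outcome(`${enc({ alg: 'none' })}.${enc({ iss, exp: now + 300 })}.`),
    expired: outcome(signToken({ iss, sub: 'user_123', exp: now - 1 }, privateKey)),
  };
}
```

The verifier takes only the token, the public key and the expected issuer, so the same code path serves SAML, WS-Federation and OAuth logins alike. Audience and scope checks are application-specific and are left out of this sketch.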