K
Kindeβ€’7mo ago
Eranga

Trouble handling callback from SSO always returns 400

I'm a bit stuck in this section https://kinde.com/docs/developer-tools/using-kinde-without-an-sdk/#handling-the-callback in the documentation. When I send the POST request to oauth2/token from Postman, I get a 400 status code everytime. I am also using PKCE verification. I use this https://tonyxu-io.github.io/pkce-generator/ to generate the code challenge and my code verifier is code_verifier. This is my URL for creating the SSO login for our users: https://novade.kinde.com/oauth2/auth?response_type=code&client_id=279d4ec6490d402b817c4d7aec122373&redirect_uri=https://lite-staging.novade.net/login-sso&scope=openid+profile+email&state=abcdeftgh&code_challenge_method=S256&code_challenge=73oehA2tBul5grZPhXUGQwNAjxh69zNES8bu2bVD0EM This is the URL, I try to send a POST request to and get 400: https://novade.kinde.com/oauth2/token?grant_type=authorization_code&client_id=279d4ec6490d402b817c4d7aec122373&redirect_uri=https://lite-staging.novade.net/login-sso&code=XKRMtXK-SM4SorkGIZ2pJqycIXmY_EJfuEjk18yXBgU.jvdQuoUBYfJVk7Bm2JfW3S2KRu408iIlWzD2DrCBLLE&code_verifier=code_verifier Am I doing something wrong with PKCE verification? Or any suggestion?
Kinde
Kinde
App infrastructure as a service.
Kinde Docs
Using Kinde without an SDK - Developer tools - Help center
Our developer tools provide everything you need to get started with Kinde.
7 Replies
onderay
onderayβ€’7mo ago
Sorry to see that you hit a snag with getting Kinde working. I will get a more experienced team member to help with this, but this is my inital thoughts on what might be happen. One thing that stands out is that you're sending the parameters in the URL of your POST request. For the token request, these parameters should be sent in the body of the request, not the URL. Here's an example of how your request should look like: POST /oauth2/token HTTP/1.1 Host: novade.kinde.com Content-Type: application/x-www-form-urlencoded grant_type=authorization_code& client_id=279d4ec6490d402b817c4d7aec122373& redirect_uri=https://lite-staging.novade.net/login-sso& code=XKRMtXK-SM4SorkGIZ2pJqycIXmY_EJfuEjk18yXBgU.jvdQuoUBYfJVk7Bm2JfW3S2KRu408iIlWzD2DrCBLLE& code_verifier=code_verifier
Eranga
Erangaβ€’7mo ago
Ah, I see. In your doc it rather seemed like a single URL Let me try this quick This is the cURL request for the same as you suggested 
curl --location 'https://novade.kinde.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data '{
    "grant_type": "authorization_code",
    "client_id": "279d4ec6490d402b817c4d7aec122373",
    "redirect_uri":"https://lite-staging.novade.net/login-sso",
    "code":"XKRMtXK-SM4SorkGIZ2pJqycIXmY_EJfuEjk18yXBgU.jvdQuoUBYfJVk7Bm2JfW3S2KRu408iIlWzD2DrCBLLE",
    "code_verifier":"code_verifier"
}'
curl --location 'https://novade.kinde.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data '{
    "grant_type": "authorization_code",
    "client_id": "279d4ec6490d402b817c4d7aec122373",
    "redirect_uri":"https://lite-staging.novade.net/login-sso",
    "code":"XKRMtXK-SM4SorkGIZ2pJqycIXmY_EJfuEjk18yXBgU.jvdQuoUBYfJVk7Bm2JfW3S2KRu408iIlWzD2DrCBLLE",
    "code_verifier":"code_verifier"
}'
Now it says me: {"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Request parameter 'grant_type' is missing"} But I am sending the grant_type Can I also know if I send an invalid code_verifier value, will it still throw me 400 status code? My bad, I didn't send it as a form. Not I am getting some meaningful errors πŸ˜„ @Andre @ Kinde Thanks, now it works
onderay
onderayβ€’7mo ago
Great to hear that its working now @Eranga ! 1. No other errors? 2. What would you of improved in our docs?
Eranga
Erangaβ€’7mo ago
@Andre @ Kinde Sorry for the late reply. I had other errors but they were actually issues on my end since this was my first time trying out SSO. To be honest, I was in a hurry to implement SSO using Kinde because I did it for a hackathon in my company. So I had like 1 day for doing everything. I guess you guys are doing a great job in terms of making SSO pretty smooth for developers like us
Eranga
Erangaβ€’7mo ago
So to answer your 2nd question, I believe I was a bit mislead by https://kinde.com/docs/developer-tools/using-kinde-without-an-sdk/#handling-the-callback request description. Maybe it is me, but I felt like I should have made a POST request with every parameter set as query parameters.
Kinde Docs
Using Kinde without an SDK - Developer tools - Help center
Our developer tools provide everything you need to get started with Kinde.
Eranga
Erangaβ€’7mo ago
I would recommend adding proper API request documentation there so there is no ambiguity there Not related to your docs, but as a feature request I believe it will be very nice if we can integrate the SSO in our own UI without redirecting to your UI (I know you guys have already thought about it and working on it). This was discussed in our hackathon and came as a feedback for me. The main reason was that we don't have control over what we can show in that UI. Another thing that was discussed is the recent incident with Okta (another player in Auth0 - you probably know them πŸ˜‰ ) where it got hacked and customer information was leaked. So, our company is very cautious about using 3rd party providers when it comes to user data. This is something I believe every company guarantees to its customers but there is going to be unfortunate events like that happening everyday. I think you have this on your website but almost at the end of your site. Since you are all about authentication and authorisation which is about securing stuff, you might want to rank the security of the system a bit higher. Again, I am very happy with the support you provided throught my development. Good luck 🀞 Oh, and one other thing. I noticed that if I add "Microsoft AD" as an Enterprise Identity provider and if I am already logged in, I don't get a chance to select which account I need to log in from. I could have more than one Microsoft accounts. This could also be me being a novice to this IAM domain. So if this is already handled, just forget about this.
onderay
onderayβ€’6mo ago
A big thanks for all the feedback @Eranga , please keep it coming as we are always looking at ways to improve the product and docs.
Want results from more Discord servers?
Add your server
More Posts
kinde_flutter_sdk not being recognisedHello, I'm trying to use Kinde on my Flutter web app. I am mostly testing my web app using MacOS whesign outHey there. I'm trying out Kinde and it has been going great. I have a problem signing out users thoNextJS App Router Error out in middlewareHello, I've been working on implementing Kinde Auth within the Next.js app router using middleware.User Audit LogsI can see that Kinde offers a basic Audit Log (see screenshot, docs: https://kinde.com/docs/user-manhttps://kinde.com/pricing/ M2M tokens questionCan I please double check my understanding of your pricing? The Kinde pricing page says that 2000 M2Design bugsHello, is this intended to set up the login for in different color than background? It does not lookHelp in Vercel DeploymentI don't know if the error was generated by Kinde but it's right after and before the log error on veKinde TypeScript type in Next.js middlewareHi, With Next.js 14 and TypeScript, may I know how can I specify the type for `req` so that it recogNew Application EnvironmentsI'm trying to figure out the correct workflow when setting up a new application and i'm a little conIntegrating Kinde to AstroI tried to integrate the kinde authentication to my Astro project using the typescript-sdk the login