Generating Access Tokens

I'm using the Kinde Management API. I've run into an issue where the Bearer Token (access token) I've generated in Postman expires after 24 hours. I understand that I can solve this by generating a new one for each API request that I want to perform, but I cannot figure out how to do so. The documentation (https://kinde.com/docs/build/get-access-token-for-connecting-securely-to-kindes-api/) for generating one through Postman is really thorough, but the NodeJS one isn't that much. Could you guys expand on the existing Node.js fetch example documentation? What should I do with the response in order to get the access token?
9 Replies
internetjohnny 6mo ago
Solved this way, if anyone else struggles with this issue:
export async function getAccessToken(): Promise<string> {
  const issuerURL = process.env.KINDE_ISSUER_URL;
  const clientID = process.env.KINDE_CLIENT_ID;
  const clientSecret = process.env.KINDE_CLIENT_SECRET;

  if (!issuerURL) {
    throw new Error('KINDE_ISSUER_URL is not defined');
  } else if (!clientID) {
    throw new Error('KINDE_CLIENT_ID is not defined');
  } else if (!clientSecret) {
    throw new Error('KINDE_CLIENT_SECRET is not defined');
  }

  // The client ID and secret are sent as HTTP Basic credentials.
  const headers: Record<string, string> = {
    'Content-Type': 'application/x-www-form-urlencoded',
  };
  const authHeader = `Basic ${Buffer.from(
    `${clientID}:${clientSecret}`
  ).toString('base64')}`;
  headers['Authorization'] = authHeader;

  const requestBody = new URLSearchParams();
  requestBody.append('grant_type', 'client_credentials');

  // Await the request so the function resolves with the token.
  const response = await fetch(`${issuerURL}/oauth2/token`, {
    method: 'POST',
    headers: headers,
    body: requestBody,
  });
  if (!response.ok) {
    throw new Error(`Token request failed with status ${response.status}`);
  }

  const data = await response.json();
  if (!data.access_token) {
    throw new Error('Token response did not contain an access_token');
  }
  // Return the token to the caller; it is a credential, so it is not logged.
  return data.access_token;
}
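An added example, not part of the original post or Kinde's documentation: instead of requesting a new token for every API call, cache the client-credentials token and renew it shortly before it expires. `TokenCache` and `TokenFetcher` are hypothetical names, the token fetcher is injected so the block runs offline, and the token response is assumed to carry the standard OAuth 2.0 `expires_in` field.

```typescript
// Added example; TokenCache and TokenFetcher are hypothetical names.
// Assumes the token endpoint returns the standard OAuth 2.0 fields
// access_token and expires_in (lifetime in seconds).
interface TokenResponse {
  access_token: string;
  expires_in: number;
}
type TokenFetcher = () => Promise<TokenResponse>;

class TokenCache {
  private token: string | null = null;
  private expiresAtMs = 0;
  private inFlight: Promise<string> | null = null;
  private readonly fetchToken: TokenFetcher;
  private readonly skewMs: number;
  private readonly now: () => number;

  // skewMs: renew this long before expiry so no request carries a token about to lapse.
  constructor(fetchToken: TokenFetcher, skewMs = 60000, now: () => number = Date.now) {
    this.fetchToken = fetchToken;
    this.skewMs = skewMs;
    this.now = now;
  }

  isFresh(): boolean {
    return this.token !== null && this.now() < this.expiresAtMs - this.skewMs;
  }

  async get(): Promise<string> {
    if (this.isFresh()) return this.token as string;
    // Concurrent callers share one request instead of each hitting the endpoint.
    let pending = this.inFlight;
    if (pending === null) {
      pending = this.refresh();
      this.inFlight = pending;
    }
    try {
      return await pending;
    } finally {
      this.inFlight = null;
    }
  }

  private async refresh(): Promise<string> {
    const res = await this.fetchToken();
    if (typeof res.access_token !== 'string' || !(res.expires_in > 0)) {
      throw new Error('Token endpoint returned an unusable response');
    }
    this.token = res.access_token;
    this.expiresAtMs = this.now() + res.expires_in * 1000;
    return this.token;
  }
}
```

In an application the fetcher would be a function that performs the token request shown in the post above and returns the parsed JSON body.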
ev_kinde 6mo ago
The access tokens generated via the client credentials are machine-to-machine tokens and won’t include the user subject. I’m not sure what you are after, but include the user part as well. For API authorization on user’s behalf, you’d need to register and enable the API in Kinde UI, then request the API’s audience as one of the auth parameters. This will include the API audience into the user token, which you can validate in your APIs.
ev_kinde 6mo ago
For the long-running user sessions, you could use refresh tokens with the offline scope. https://kinde.com/docs/developer-tools/refresh-tokens/
internetjohnny 6mo ago
I'm simply trying to provision a user using the Kinde Management API. I would prefer to use the Kinde hosted UI to let a user create their account, but my specific use-case requires me to also create a user in my own database. And since Kinde Event Hooks is not accessible yet, I have to do it through the Management API. Would be great if there was some sort of abstraction on top of the Access Tokens, because all this is so confusing and complicated... Is there any ETA for Event Hooks being in Beta?
onderay 6mo ago
We have a pre-beta setup that connects with Zapier. Would you be open to using that? Event Hooks will be mid to late Q1 2024.
internetjohnny 6mo ago
Yeah, would love to try it out!
Oli - Kinde 6mo ago
Hey @internetjohnny, you can add the Kinde Zapier app (currently invite only) to your Zapier account using the following URL: https://zapier.com/developer/public-invite/184402/d344c8c1953343fed6b6f36df02e733d/ Also have a read of the following related doc: Zapier App - Event Hooks (Beta)
internetjohnny 6mo ago
Thank you!
Oli - Kinde 6mo ago
Pleasure. As this feature is in beta, please don't hesitate to reach out with any feedback you have (the good, the bad, the ugly).