Kinde community, 3mo ago
bed sores

Authentication error

I set up a new Rails app using the ruby SDK and I'm getting Authentication error when trying to log in. I see that the user does get registered, but I can't log in for some reason. I get as far as entering confirmation code. I've triple checked my app config (which is more or less the default) and callback URLs and everything seems correct.
7 Replies
Oli - Kinde, 3mo ago
Hi @bed sores, Sorry to hear you are experiencing this issue. Would you be willing to share a recording (or screenshot) of your issue? You can DM me this if you prefer. Also, if you are willing to do so, would you be willing to download the Ruby starter kit and see if you are experiencing the same issue?
GitHub - kinde-starter-kits/ruby-starter-kit: Get up and going with Kinde using Ruby.
bed sores, 3mo ago
@Oli - Kinde DM sent. I was basing mine off that starter kit example but will try and run it and let you know what happens.

I get a different error when running the starter kit:

{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Redirect URL is using an insecure protocol, http is only allowed for hosts with suffix 'localhost', for example: http://myapp.localhost/."}

Could be that, for some reason, it's just hiding the error in my setup? Will try and use localhost and see if that fixes it.

Hm, nope. So just using localhost fixed the starter kit, but my app still results in Authentication error.

Made a bit of progress, I think.
HTTP/1.1 403 Forbidden
18:27:40 web.1 | Date: Mon, 11 Mar 2024 01:27:40 GMT
18:27:40 web.1 | Content-Length: 0
18:27:40 web.1 | Connection: keep-alive
18:27:40 web.1 | Vary: Origin
18:27:40 web.1 |
18:27:40 web.1 | Connection #0 to host app.kinde.com left intact
18:27:40 web.1 | ETHON: performed EASY effective_url=https://app.kinde.com/oauth2/user_profile response_code=403 return_code=ok total_time=0.608534
18:27:40 web.1 | HTTP response body ~BEGIN~
18:27:40 web.1 |
18:27:40 web.1 | ~END~
18:27:40 web.1 |
18:27:40 web.1 | Completed 500 Internal Server Error in 894ms (ActiveRecord: 0.0ms | Allocations: 6960)
This is seemingly coming from KindeSdk.client(session[:kinde_auth]).oauth.get_user.to_hash in the after login callback:
class AuthController < ApplicationController
  # Build the Kinde authorization URL, keep the PKCE code verifier in the
  # session, and send the browser to Kinde.
  def login
    auth = KindeSdk.auth_url
    session[:code_verifier] = auth[:code_verifier]

    redirect_to auth[:url], allow_other_host: true
  end

  # Callback URL: exchange the authorization code for tokens, then fetch the
  # user profile with the new access token. The 403 above is raised here.
  def after_login
    session[:kinde_auth] =
      KindeSdk
        .fetch_tokens(params['code'], code_verifier: session[:code_verifier])
        .slice(:access_token, :refresh_token, :expires_at)

    session[:kinde_user] = KindeSdk.client(session[:kinde_auth]).oauth.get_user.to_hash

    redirect_to root_path
  end

  def logout
    redirect_to KindeSdk.logout_url, allow_other_host: true
  end

  # Logout callback: drop all local session state before returning home.
  def after_logout
    reset_session

    redirect_to root_path
  end
end
Oli - Kinde, 3mo ago
Hey @bed sores, Thanks for all of this information. The 403 Forbidden error you're encountering when trying to fetch user information using KindeSdk.client(session[:kinde_auth]).oauth.get_user.to_hash suggests that there's an issue with the permissions or authentication of your request. This could be due to several reasons:

1. Invalid or Expired Access Token: Ensure that the access token you're using to make the request is valid and has not expired. The fetch_tokens method should provide you with a valid access token, but it's worth verifying that this token is correctly stored in session[:kinde_auth] and is being used properly in the request.

2. Insufficient Permissions: The access token must have the necessary permissions to access user information. Make sure that the scopes requested during the authentication process include permissions to access user profile data. By default, Kinde requests scopes like profile, email, offline, and openid. If you've customized the scopes, ensure that you're requesting the appropriate ones.

3. Configuration Issues: Double-check your Kinde SDK configuration to ensure that all required fields (such as domain, client_id, client_secret, callback_url, and logout_url) are correctly set up. Misconfiguration in any of these could lead to authentication issues.

4. Session Management: Verify that the session management in your Rails application is working as expected. Issues with session persistence or incorrect session data could lead to authentication errors.

Given the code snippet you've shared, your implementation seems correct. However, you might want to add some error handling around the fetch_tokens and get_user calls to catch any issues and log them for further investigation. Please let me know if you are still experiencing issues.
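Two checks from this thread are easy to run before the app ever talks to Kinde: the redirect-URL rule quoted in the starter-kit error (http only for hosts with the 'localhost' suffix) and the token-hash and error-handling points in the reply above. The helper below is an added example written for this thread; it is not part of the Kinde Ruby SDK or the starter kit. The module and method names are made up, and the userinfo call is injected as a callable so the code runs offline; in the real controller that callable would be something like ->(auth) { KindeSdk.client(auth).oauth.get_user.to_hash }.

```ruby
require 'uri'
require 'time'
require 'logger'

# Constructed helper (hypothetical; not part of the Kinde SDK) that applies
# the checks discussed in this thread before the app calls Kinde.
module KindePreflight
  module_function

  # Rule from the starter-kit error message: https is always accepted; plain
  # http only when the host is 'localhost' or ends with '.localhost'.
  def redirect_url_allowed?(url)
    uri = URI.parse(url.to_s)
    return false if uri.host.nil? || uri.host.empty?

    case uri.scheme
    when 'https' then true
    when 'http'  then uri.host == 'localhost' || uri.host.end_with?('.localhost')
    else false
    end
  rescue URI::InvalidURIError
    false
  end

  # Rails' cookie store round-trips the session through JSON, so keys that
  # were symbols when stored (the .slice above) come back as strings on the
  # next request; look up both forms.
  def fetch_key(hash, key)
    hash[key.to_sym] || hash[key.to_s]
  end

  # Returns an array of problems with the stored token hash (empty = usable).
  # Covers point 1 of the reply: token present and not yet expired.
  def token_problems(kinde_auth, now: Time.now)
    return ['no token hash in session'] if kinde_auth.nil? || kinde_auth.empty?

    problems = []
    problems << 'missing access_token' if fetch_key(kinde_auth, :access_token).to_s.empty?
    expires_at = fetch_key(kinde_auth, :expires_at)
    if expires_at.nil?
      problems << 'missing expires_at'
    else
      expiry = expires_at.is_a?(Numeric) ? Time.at(expires_at) : Time.parse(expires_at.to_s)
      problems << "access token expired at #{expiry.utc.iso8601}" if expiry <= now
    end
    problems
  end

  # Wraps the userinfo call with the error handling the reply suggests.
  # fetch_user is any callable taking the token hash. Returns [user, nil] on
  # success or [nil, reason] on failure, so the controller can log and bail
  # out cleanly instead of turning a 403 into the 500 seen in the log.
  def fetch_user_safely(kinde_auth, fetch_user:, logger: Logger.new($stdout), now: Time.now)
    problems = token_problems(kinde_auth, now: now)
    unless problems.empty?
      logger.warn("skipping userinfo call: #{problems.join('; ')}")
      return [nil, problems.join('; ')]
    end

    [fetch_user.call(kinde_auth), nil]
  rescue StandardError => e
    logger.error("userinfo call failed: #{e.class}: #{e.message}")
    [nil, "#{e.class}: #{e.message}"]
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample values, not real callback URLs or tokens.
  puts KindePreflight.redirect_url_allowed?('http://myapp.localhost/callback')   # true
  puts KindePreflight.redirect_url_allowed?('http://myapp.example.com/callback') # false
  sample = { access_token: 'constructed-token', expires_at: Time.now.to_i + 3600 }
  user, err = KindePreflight.fetch_user_safely(sample, fetch_user: ->(_a) { raise 'HTTP 403 Forbidden' })
  puts({ user: user, error: err }.inspect)
end
```

In after_login the wrapped call would replace the bare get_user line: on [nil, reason] log the reason and redirect with a flash message rather than letting the exception surface as a 500. A server-side 403 (as turned out to be the case here) still fails, but it fails with a readable log line rather than an empty body and a stack trace.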
bed sores, 3mo ago
Yeah sorry, still having the same issue. :/ Not sure what to do about #1 if that were the issue. For #2, I'm asking for the default openid offline email profile, haven't customized it. #3, double checked and I'm setting everything.

I'm def doing something wrong since the SDK example worked, I just don't know what.

Actually logging in works, it's the KindeSdk.client().oauth.get_user that doesn't.
Oli - Kinde, 3mo ago
Hey @bed sores, We had a few customers reporting 403 errors and we just deployed a fix. Are you able to try again and see if you are still experiencing 403 errors?
bed sores, 3mo ago
Sweet, works now. Thanks!
Oli - Kinde, 3mo ago
Awesome, great to hear. Please reach out if you come across any other issues.