Invalid Token Error
In my Next.js application I am using Next server actions for my API routes protected by Kinde. I have mainly 4 routes: get, get/id, edit and delete. All the routes work fine except the edit one, where it gives me this error:
Note that my kinde debug mode is set to true.
10 Replies
Just to give an idea of my code and workflow, I'm attaching the code
Modal.jsx worker method
sendUpdateReceipt.js
middleware.js
/api/receipts/edit/[id]/route.js
I'm not familiar with Next.js sorry. But have you checked in DevTools that your app is sending across the exact same header for the edit requests as it is for the other requests? I don't believe Kinde is going to care what type of web method is called unless you're using API scopes.
Yes I am sending the exact same header for the edit requests. I’ve named it x-kinde-token. Even when I log the token in the middleware, the token and the resultant decoded header both get logged. And after the middleware I don’t really have an auth check for this route. So idk where this extra getUser check is being made, and instead of a 200 I get a 405 method not allowed
Hi @readme,
Thank you for providing the detailed context and code. I wanted to check in first—are you still facing the issue with the Invalid Token Error on the edit route?
If yes, here are a few clarifications and suggestions to help us troubleshoot further:
405 Method Not Allowed:
This indicates the HTTP method (POST) might not be recognized for the endpoint /api/auth/login. Could this request be redirecting incorrectly? If possible, log the request URL and headers on both client and server sides to confirm.
Token Decoding Issue:
Since you mentioned the token is logged successfully in middleware, the error could arise in subsequent steps (like token verification or backend usage). Have you verified if the token is valid at the exact point it’s passed to /api/receipts/edit/[id]?
Middleware Token Validation:
Could you confirm if the middleware is applying any additional restrictions (like roles or scopes) for the edit route that may differ from get, delete, etc.?
Kinde Debug Logs:
Since debug: true is enabled, any additional logs from Kinde’s SDK might give hints on where the invalid token check is happening.
Let me know if you need further assistance. I’d be happy to dig deeper.
Yes, I'm still facing that same issue. I also updated my Next.js to version 15. After logging the headers I am seeing the token and the headers being logged. I am attaching the logged result.
I do not have any token verification configured for this route after the middleware stage. Also after updating, as you can see, the message has changed to getUser [TypeError: Cannot read properties of null (reading 'sub')]. Which could mean that wherever this additional step is taking place, it is returning null after decoding the token.
After the middleware I directly have my route.js
I have also verified that the token is valid by copy pasting my token to the Kinde JWT decoder website.
I've likely found the issue. After building the application using the command npm run build I noticed that the /api/receipts/edit/[id] folder is not being included in the build. This could be the reason. What do you think?
nvm I found the error @Ages @TotalScrub I named my file route..js instead of route.js. You can close this thread now. Thank you for your help.
Hi @readme,
I'm glad to hear the issue has been resolved! If there's anything else you'd like assistance with or any additional details you'd like to discuss, please don't hesitate to reach out. If this resolves your query for now, we'll consider this matter closed.
Looking forward to your response!
Thank you,
Ages
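The misnamed handler file reported at the end of this thread (route..js instead of route.js) is the kind of mistake a pre-build check can catch. The following is an added example, not code from the thread: it flags near-miss route handler filenames in a list of project file paths. The app/ prefix, the sample paths and the function names are constructed, and route.js and route.ts are assumed to be the only valid handler names (extend the list if your project accepts other extensions).

```javascript
// Assumption: these are the only filenames the framework treats as route handlers.
const VALID_ROUTE_FILES = ["route.js", "route.ts"];

// Edit distance (insert/delete/substitute) using a single rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0]; // value of d[i-1][j-1]
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j]; // value of d[i-1][j]
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// Report files whose name is close to a valid handler name, in directories
// that contain no valid handler. Such a route segment will not be served.
function findMisnamedRouteFiles(paths, maxDistance = 2) {
  const byDir = new Map();
  for (const p of paths) {
    const cut = p.lastIndexOf("/");
    const dir = cut < 0 ? "" : p.slice(0, cut);
    if (!byDir.has(dir)) byDir.set(dir, []);
    byDir.get(dir).push(p.slice(cut + 1));
  }
  const findings = [];
  for (const [dir, names] of byDir) {
    if (names.some((n) => VALID_ROUTE_FILES.includes(n))) continue;
    for (const name of names) {
      // Lower-casing means a wrong-case name such as Route.js scores 0 and is flagged.
      const lower = name.toLowerCase();
      const distance = Math.min(...VALID_ROUTE_FILES.map((v) => editDistance(lower, v)));
      if (distance <= maxDistance) findings.push({ dir, name, distance });
    }
  }
  return findings;
}

// Constructed sample listing; only the edit segment has the misnamed file.
const SAMPLE_PATHS = [
  "app/api/receipts/route.js",
  "app/api/receipts/[id]/route.js",
  "app/api/receipts/edit/[id]/route..js",
  "app/api/receipts/delete/[id]/route.js",
  "app/dashboard/page.js",
];
console.log(findMisnamedRouteFiles(SAMPLE_PATHS));
```

Feeding it the output of a recursive file listing in CI and failing the job on any finding surfaces the problem before a request ever reaches the middleware.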