Mac Application
Is there any documentation or anything I can read about doing authentication on mac application.
I am using todesktop app, and everytime i use google oauth, the callback doesn't redirect me. I also use sveltekit
3 Replies
Hi there,
Thanks for reaching out. You might want to check out Kinde’s documentation, particularly the section on the SvelteKit SDK — since you mentioned using SvelteKit, it could be quite helpful.
It's possible there’s a setup issue with the redirect URIs in your OAuth flow. Make sure the URIs match exactly — even a small mismatch can cause problems. Also, double-check your URL and cookie settings to ensure everything is configured correctly.
If the issue persists after reviewing these, it may be worth digging into SvelteKit’s settings related to cookies and redirects for more insights.
Let me know if you have any questions — happy to help further
can you deeplink? ie application://
The problem specifically is that it sets the session, but then returns a 500: {"message":"An unexpected error occurred","errorId":"6f4543a1-ad66-47a5-aa4c-355f1553713a","stack":{"stack":"Error: Authentication flow: Received: f72a3d8e3e08e29888f4899fb6ac | Expected: State not found\n at AuthorizationCode
Which then prevents the redirect
Hi, there
The error you're seeing —
Expected: State not found — typically means the state parameter saved at the start of the OAuth flow can’t be validated at the callback stage. This usually happens because the state is stored in a cookie that’s scoped to a specific domain, and if the redirect doesn't come back through the browser (as with application:// schemes), the cookie never arrives — leading to that mismatch.
At the moment, the Kinde SvelteKit SDK relies on browser-based redirects over HTTPS. That means custom schemes like application:// aren’t supported out of the box, since they bypass the browser’s ability to return the necessary session state.
Instead of deep linking, use the loopback interface method, where you spin up a temporary local HTTP server in your app (e.g. http://127.0.0.1:PORT/callback), launch the system browser for login, and catch the redirect with your app. This keeps the OAuth flow secure and lets the app handle the callback properly without breaking the state check.
Let me know if you’d like help setting that up, or if you want to explore manually implementing the Authorization Code + PKCE flow to have more control in your native context.
Happy to support further