Random error when trying to authenticate - ExpressJS backend with DynamoDBStore + React frontend
I'm running a REST API with an ExpressJS that runs kinde-node-express with a DynamoDBStore and a React frontend.
The login process is simply the frontend href to the /login route of my backend, which then handles the the entire flow (sends the user to kinde's authentication flow, and then redirects back to my backend). I can't seem to go past the protectRoute function - not sure if validateToken fails or what.
The main issue is that this occurs "randomly" when I make changes to my frontend and then try to login or when I logout from 1 user and login from a different user from the same browser. This doesn't happen all the time, so I can't pinpoint the problem & reproduce the bug consistently.
Moreover, sometimes when I try to login and it doesn't work, it will work after a few more times, sometimes 1 more time and sometimes 4-5 more times.
Another thing I noticed is that it could also work if I restart my backend (which is a very bad solution by the way).
Is this problem known? Was there a fix at later version of
kinde-node-express or its dependencies? I'm currently using version 1.6.0 and jwt-validator is 0.1.01 Reply
Hey Ricer,
Thanks for reach out. to get to the bottom of this “random” protectRoute failure I’m going to need a few more details—especially around your SDK and session config—so we can reproduce the exact conditions. Could you share: 1. SDK versions - Exact version of @kinde-oss/kinde-node-express (you mentioned 1.6.0—please confirm) - Exact version of jwt-validator - Node.js version you’re running 2. DynamoDBStore configuration - The snippet where you initialize your session store (DynamoDB table name, TTL settings, region, any custom serializer) - Are you using the built‑in AWS SDK or pinning to a specific aws-sdk version? 3. protectRoute setup & errors - The code around your
Thanks for reach out. to get to the bottom of this “random” protectRoute failure I’m going to need a few more details—especially around your SDK and session config—so we can reproduce the exact conditions. Could you share: 1. SDK versions - Exact version of @kinde-oss/kinde-node-express (you mentioned 1.6.0—please confirm) - Exact version of jwt-validator - Node.js version you’re running 2. DynamoDBStore configuration - The snippet where you initialize your session store (DynamoDB table name, TTL settings, region, any custom serializer) - Are you using the built‑in AWS SDK or pinning to a specific aws-sdk version? 3. protectRoute setup & errors - The code around your
protectRoute (or verifier) middleware—especially how you call validateToken
- Full stack trace or HTTP status/code you see when it fails (403? 500? socket timeout?)
- Any console.log of req.headers or the raw token when it rejects
4. Repro steps & environment
- Does this only happen after you change the React build? When you clear cookies? When you switch users?
- Are you running locally (localhost), in Docker, or deployed to a cloud environment?
- Browser you’re testing in and any proxy in‑between (CORS or reverse proxy)?
With those details we can:
- Check if it’s a caching issue (JWKs not refreshing after logout)
- See if your DynamoDB session TTL is expiring too quickly or table permissions are flipping
- Pinpoint whether your cookie/name/path/domain is colliding when you flip users in the same session
Once you post those snippets and logs I’ll reproduce it on my end and we’ll get you a targeted fix (or point you to the upgrade where it’s already been resolved). Thanks
Hi Ricer,
Just wanted to follow up and see if you had a chance to gather the requested details regarding the random protectRoute failures.
Otherwise, I’ll proceed with closing the ticket, please feel free to share the information when you’re ready, and we’ll continue to troubleshoot.