Random error when trying to authenticate - ExpressJS backend with DynamoDBStore + React frontend
I'm running a REST API with an ExpressJS that runs kinde-node-express with a DynamoDBStore and a React frontend.
The login process is simply the frontend href to the /login route of my backend, which then handles the the entire flow (sends the user to kinde's authentication flow, and then redirects back to my backend). I can't seem to go past the protectRoute function - not sure if validateToken fails or what.
The main issue is that this occurs "randomly" when I make changes to my frontend and then try to login or when I logout from 1 user and login from a different user from the same browser. This doesn't happen all the time, so I can't pinpoint the problem & reproduce the bug consistently.
Moreover, sometimes when I try to login and it doesn't work, it will work after a few more times, sometimes 1 more time and sometimes 4-5 more times.
Another thing I noticed is that it could also work if I restart my backend (which is a very bad solution by the way).
Is this problem known? Was there a fix at later version of
kinde-node-express or its dependencies? I'm currently using version 1.6.0 and jwt-validator is 0.1.01 Reply
Hey Ricer,
Thanks for reach out. to get to the bottom of this “random” protectRoute failure I’m going to need a few more details—especially around your SDK and session config—so we can reproduce the exact conditions. Could you share: 1. SDK versions - Exact version of @kinde-oss/kinde-node-express (you mentioned 1.6.0—please confirm) - Exact version of jwt-validator - Node.js version you’re running 2. DynamoDBStore configuration - The snippet where you initialize your session store (DynamoDB table name, TTL settings, region, any custom serializer) - Are you using the built‑in AWS SDK or pinning to a specific aws-sdk version? 3. protectRoute setup & errors - The code around your
Thanks for reach out. to get to the bottom of this “random” protectRoute failure I’m going to need a few more details—especially around your SDK and session config—so we can reproduce the exact conditions. Could you share: 1. SDK versions - Exact version of @kinde-oss/kinde-node-express (you mentioned 1.6.0—please confirm) - Exact version of jwt-validator - Node.js version you’re running 2. DynamoDBStore configuration - The snippet where you initialize your session store (DynamoDB table name, TTL settings, region, any custom serializer) - Are you using the built‑in AWS SDK or pinning to a specific aws-sdk version? 3. protectRoute setup & errors - The code around your
protectRoute (or verifier) middleware—especially how you call validateToken
- Full stack trace or HTTP status/code you see when it fails (403? 500? socket timeout?)
- Any console.log of req.headers or the raw token when it rejects
4. Repro steps & environment
- Does this only happen after you change the React build? When you clear cookies? When you switch users?
- Are you running locally (localhost), in Docker, or deployed to a cloud environment?
- Browser you’re testing in and any proxy in‑between (CORS or reverse proxy)?
With those details we can:
- Check if it’s a caching issue (JWKs not refreshing after logout)
- See if your DynamoDB session TTL is expiring too quickly or table permissions are flipping
- Pinpoint whether your cookie/name/path/domain is colliding when you flip users in the same session
Once you post those snippets and logs I’ll reproduce it on my end and we’ll get you a targeted fix (or point you to the upgrade where it’s already been resolved). Thanks