New Nuxt /api/access endpoint causing issues
Today I went and updated my
@nuxtjs/kinde package from 0.1.11 to 0.2. All of a sudden all of my routes were failing as they were trying to access /api/access which I'd never seen before and isn't one of my routes. I eventually found the route in the source code of your Nuxt SDK.
Also, unlike the other endpoints I can't see any documentation on this new endpoint.
Now in my setup I have a global catch-all [..].ts file which I use as a proxy between Nuxt and my .NET API. It's job is basically to take the user's request pointing to my Nuxt server and via a Nitro proxy redirect it to my .NET API and add the Kinde bearer token to the header.
What is strange is that the other Kinde SDK endpoints do not trigger the proxy. (E.g. /api/login, /api/logout /api/health. They go through your SDK normally. Is it possibly because they are GET methods, whereas this is a POST method?
I've tried to bypass this by getting my catchall file to either return undefined or to call sendProxy but it either returns no data (which isn't expected) or gives a bad gateway issue. I'll admit that this is possibly more an issue on my end around lack of knowledge of Nuxt / Nitro but I'd appreciate it if someone has a solution.32 Replies
Rolling back to 0.1.11 fixed the issue for me, but obviously that isn't a permanent solution.
Hi there
Thanks for reaching out. Since version
@nuxtjs/[email protected], a new POST route /api/access was added internally to handle session refresh. It’s not documented yet, but it’s required by the SDK.
If you’re using a catch-all API route like server/api/[...].ts, it might be blocking this and breaking the refresh flow.
You have 2 options:
A. Exclude /api/access from your proxy:
B. Remap the endpoints via nuxt.config.ts:
This avoids conflicts with /api/* routes.
Refs:
- NPM: https://www.npmjs.com/package/%40nuxtjs/kinde
- GitHub Release: https://github.com/nuxt-modules/kinde/releases
- Docs: https://docs.kinde.com/developer-tools/sdks/backend/nuxt-module/
Let me know if this helps or if you need more infoThanks, currently working on something else, but I'll give Option B a go later.
Option A doesn't work as the endpoint always returns an empty value which is not what the Kinde SDK is expecting.
Hi there
Try Option B as soon as you’re free—this is the most foolproof way to avoid any future
Let me know the outcome or share any logs/errors you see—happy to dive deeper with you
Try Option B as soon as you’re free—this is the most foolproof way to avoid any future
/api/* conflicts. If you’d prefer Option A but still see empty responses, double‑check that your if (path.startsWith('/api/access')) return is above any await sendProxy(...) logic, and that you’re not inadvertently sending a response body.
Let me know the outcome or share any logs/errors you see—happy to dive deeper with you
I would also vastly prefer Option B as it would give better future proofing.
Neither option worked. Option B still tries to go through my proxy.
That said, I also realised I probably need to change my
.env settings and the documentation and code don't make it clear to me what variable I should be changing to use the new routes.
I tried NUXT_KINDE_ACCESS_URL but it doesn't seem to work.
I can see that remapping the endponts doesn't go through my proxy so I'm feelilng confident once I get the environment mapping in place that should resolve the issue for me.Hi there,
Thanks for the update. Regarding your point: currently, remapping Kinde endpoints via the
kinde.endpoints option in nuxt.config.ts only changes the public paths exposed by the SDK. It doesn't rely on specific .env variables like NUXT_KINDE_ACCESS_URL for this purpose, so setting that won’t affect the routing.
That said, I understand the confusion and will raise this internally with our team to see if clearer environment mapping or documentation updates are needed.
In the meantime, feel free to reach out with any other questions or issues—we’re happy to helpIf we can't change the URL via the
NUXT_KINDE_ACCESS_URL then that's a blocker from me updating to the later versions of Kinde.
The only workaround I could do would be if I changed all of my APIs to use a different URL but that's a fair bit more work (e.g. instead of /api my APIs used /platform or something else.
I would argue that this is a public path as it's visible in the browser and hosted on my web servers.
I'm going to hold off upgrading for now, hopefully your team will get back to us to see if it's possible to enable the routing configuration.Hi there,
Thanks for sharing your concerns. I completely understand how this limitation with the
NUXT_KINDE_ACCESS_URL can be a blocker for your upgrade. I’ve already escalated this issue to our engineering team to investigate whether enabling routing configuration is possible.
As soon as I have more information, I’ll be sure to update you. In the meantime, if you need assistance with anything else, just let me know.Hi @Ages - Kinde did the engineering team get back to you about this?
Hi,
We’ve confirmed that the
You can modify your proxy handler like this: - Remap the Kinde SDK endpoints
You can avoid
/api/access endpoint introduced in @nuxtjs/[email protected] is used during client-side navigation to check access to protected pages. In our local testing, the endpoint is functioning as expected, so it appears the issue may be specific to your project setup, particularly if you're using a global catch-all API proxy like server/api/[...].ts.
To help resolve the issue, here are a few suggestions:
1. Please confirm that your server/api/[...].ts file is intercepting requests to /api/access. If it is, this may be the cause of the broken session refresh flow or unexpected 502/empty responses.
2. Solution Options
- Exclude /api/access from the catch-all routeYou can modify your proxy handler like this: - Remap the Kinde SDK endpoints
You can avoid
/api/* conflicts by explicitly setting custom endpoint paths in your nuxt.config.ts:
3. We’ll also be updating our documentation shortly to cover the /api/access endpoint and outline these recommendations to help avoid similar issues in the future.
Let me know how it goes, and don’t hesitate to reach out if you need further help.Hi @Ages - Kinde , with your proposed solutions:
1. Exclude - I'd already tried this, unfortunately the 'return' returns no data from Nitro / Nuxt which the Kinde SDK obviously doesn't like. It's not middleware in that we just skip that piece of the pipeline and go to the next one unfortunately 😦
2. Remap - Does not work. The access endpoint still goes to
/api/access even when configured with /kinde/access. (The login / register endpoints all worked with the kinde/ endpoints). As I stated earlier I believe that this is an inconsistency / bug and it would resolve my issue were the remapping for access to work.Hi @TotalScrub, thanks again for the detailed updates and really appreciate your persistence in troubleshooting this.
Would you mind sharing your nuxt.config.ts file (without any sensitive info)?
@Abdelrahman Zaki - Kinde see attached.
Hi @TotalScrub, thanks for sharing the config!
Just one small change needed — in your
routeRules, you’ll want to add an empty kinde object to any route so it looks like this:
This step is needed to properly register the /api/access endpoint. We know this isn’t obvious, and we’re actively working on making it more intuitive.
Once this is in place, there’s no need to remap the access endpoint or handle it specially in your proxy — the SDK will handle it as expected without conflicts.
Also worth noting: while remapping the access endpoint works across most of the SDK, we’ve found that the auth-logged-in middleware currently uses a hardcoded /api/access path. We're aware of this and working on a fix, but it won’t impact your current setup after the above change.
Let us know how you go!Unfortunately @Abdelrahman Zaki - Kinde the same behaviour continued after making your suggested changes to my Nuxt config. I also added
/api/access/** to the route rules with the same configuration. In each case my proxy server endpoint continued to receive a request for /api/access. I am pre-production so for now I think I'll just wait for the fix to the hard-coded path.Thanks for the update, @TotalScrub. Just to confirm, after updating your routeRules, did you also clear the Nitro build cache? Sometimes stale builds can prevent the new config from taking effect.
Try deleting the
.nuxt and node_modules/.cache folders, then rebuild your app. Let me know how you go.@Abdelrahman Zaki - Kinde I hadn't, but I did just now and unfortunately it's the same behaviour
Thanks for giving that a try @TotalScrub, really appreciate it.
We’ve actually replicated the setup on our end using a global catch-all proxy, and it worked as expected so there might be a subtle difference in config or behavior we’re missing.
If you’re happy to share your code (or a minimal reproduction), feel free to send it through via a support ticket or to [email protected]. That would really help us get to the bottom of it.
Let us know what works best!
Hi @Abdelrahman Zaki - Kinde thanks for trying to replicate. I quickly whipped up an app similar to mine to try and recreate the issue and I couldn't even get the call to /kinde/access to trigger, possibly because my replicated app is too simple. Can you advise under what conditions the
access endpoint will be called? E.g. role checks? This will help me to create a scenario that I can use to validate is an issue on my end or a reproducable example for your engineering team to investigate.Hi @TotalScrub, thanks for the update!
The access endpoint is triggered during client-side navigation, it checks whether the user has access to the target page.
Let us know how it goes or if you’d like a hand setting up a quick test!
Thanks @Abdelrahman Zaki - Kinde I have reproduced the issue in my sample app and it sent it off as email to your support team. It looks like it might have something to do with your inbuilt user authenticated middleware and possibly SSR / universal rendering.
Hi @TotalScrub, thanks for reproducing the issue and sending it over!
I had a quick look, and it seems the
.env file is using the Management API credentials (KINDE_DOMAIN, KINDE_MANAGEMENT_CLIENT_ID, and KINDE_MANAGEMENT_CLIENT_SECRET). For the Nuxt SDK, you’ll need to use a backend app from your Kinde dashboard and update your .env like this:
A couple of key things to check:
- No need to set redirectUri in nuxt.config.ts, it’s handled via the env vars.
- In your protected.vue page, make sure you're using $auth not auth in the template.
- You don’t need to remap Kinde endpoints unless absolutely necessary. They're not affected by catch-all routes. That said, please avoid remapping /kinde/access for now, it’s currently hardcoded in the auth-logged-in middleware, and we’re working on a fix for that.
Happy to raise a PR in your repo and help you set it all up, just let me know!Thanks @Abdelrahman Zaki - Kinde I deliberately didn't include a .env file in my submission as it contains secrets, but yes that's how I manage the majority of my Kinde config.
That submission was something I got a LLM to generate based off my existing app, but it's completely seperate code, it was just a simple reproduction of the issue.
- Yes, my real app use the
.env for this
- I think the LLM did this because there isn't any TS definitions for $auth. In my real code I use ($auth as any) in order to get past TS compiler error / warnings. It would be great if Kinde could make the Nuxt SDK more TS friendly.
- My experience is different, my catch-all example IS intercepting /api/access for instance. That said it doesn't hit the other Kinde endpoints like /api/login.
As I mentioned to Ages in the email thread. For now I'm just going to stick with 0.11 of your SDK until the issue with the hard-coded path is fixed.Thanks for the update @TotalScrub and yep makes total sense to stick with
v0.11 for now.
I was mainly trying to offer a temp workaround until we get the hardcoded /api/access path fixed. Appreciate the feedback on TypeScript support and the catch-all behavior, I’ve passed both along to the team. We’ll let you know once the hardcoded /api/access path is fixed.
Thanks again for all the testing and detail, really helpful. Let us know if you need anything else!Any update on when this fix might be coming?
Thanks for checking in, @TotalScrub.
I’ll check with our team to see if there’s an ETA and get back to you as soon as I hear more. Really appreciate your patience!
Hi @TotalScrub, a new version of the Nuxt SDK has been released (v0.3.0) which includes the fix for the hardcoded
/api/access path along with a few other improvements. When you get a chance, kindly give it a try and let us know how it goes!
Happy to help if you run into anything.Awesome! I'll check it out over the next few days. Thanks for letting me know.
Hi @Abdelrahman Zaki - Kinde it doesn't look like this new version installs at all. Trying to install it (let alone run it) fails. So I've jumped back to 0.1.11. I created a GitHub issue on your repository with details:
https://github.com/nuxt-modules/kinde/issues/363
GitHub
Unable to install Kinde 0.3.0 · Issue #363 · nuxt-modules/kinde
I'm trying to use Kinde 0.3.0 and I get the following error in my build.log when trying to install Kinde via yarn install. ERROR Cannot read properties of undefined (reading 'push') at ...
Just confirming with the help of your team I was able to get Kinde 0.3.0 installed. I didn't realise I also needed to upgrade to Nuxt 4.
Although... interestingly, I can't see the access endpoint being called at all in 0.3.0. Not sure if there's some other change due to it, but I've got a chat with one of your team members on Monday so I'll talk to them about it.
Hi @TotalScrub, hope you’re well! How did Monday’s chat go in the end?
Also, on the access endpoint: it only registers when the route in
routeRules includes a kinde object.It went well. Everything is sorted from my end.
Great thanks for confirming, @TotalScrub. Glad it’s sorted. If anything else comes up, just shout.