Customer account management
Hi there, I am using Kinde in a backend web application without an SDK. It was nice and easy to set up. I am trying to figure out how to approach features like customers deleting their account / changing credentials. Am I correct in saying that Kinde doesn't offer a customer portal for things like this? I anticipate being able to do this manually via the API, but after a little reading I am unsure about the implementation/pricing of this. A little bit of guidance would be appreciated.
5 Replies
Hi there,
We've already chatted in another thread.
For a web application without an SDK, you can use Kinde's Management API to handle user account management. Here's what you need to know:
1. First, you'll need to set up a machine-to-machine (M2M) application that will use the Client Credentials flow
2. To get started with the Management API:
   - Get an access token using your M2M application credentials
   - Use this token in your API requests
3. The token request should include:
   - Your client credentials (Client ID and Client Secret)
   - The appropriate scopes for user management

Example token response will look like this:

```json
{
  "aud": [
    "https://example.kinde.com/api"
  ],
  "azp": "bd69bb9fe5db44a38b6b2dacd1f4b451",
  "exp": 1729812040,
  "gty": [
    "client_credentials"
  ],
  "iat": 1729725640,
  "iss": "https://example.kinde.com",
  "jti": "6f091ebe-44ba-4afc-bd2f-05fcccafc89e",
  "scope": "read:users update:users"
}
```

To use this token for API calls, include it in the Authorization header of your requests. For example:

```bash
curl --request GET \
  --url 'https://<your_subdomain>.kinde.com/api/v1/users' \
  --header 'authorization: Bearer <m2m_access_token>' \
  --header 'content-type: application/json'
```

This will allow you to programmatically manage user accounts through your backend application. Make sure to replace <your_subdomain> with your Kinde subdomain and <m2m_access_token> with the token received in the previous step. Please let me know if you have any more questions or need help.
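An added example, not part of the reply above and not Kinde's code: before a backend uses the M2M token for a user-management call, it can check that the token's claims match the tenant, the Management API audience, the grant type and the scopes the call needs. The function names are hypothetical, the token is constructed from the sample claims in the reply, and the signature is not verified because the backend is assumed to have received the token directly from the token endpoint over TLS.

```python
import base64
import json

# Constructed: the claims from the reply, wrapped as an unsigned token.
SAMPLE_CLAIMS = {
    "aud": ["https://example.kinde.com/api"],
    "azp": "bd69bb9fe5db44a38b6b2dacd1f4b451",
    "exp": 1729812040,
    "gty": ["client_credentials"],
    "iat": 1729725640,
    "iss": "https://example.kinde.com",
    "jti": "6f091ebe-44ba-4afc-bd2f-05fcccafc89e",
    "scope": "read:users update:users",
}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed"

def decode_claims(token: str) -> dict:
    """Decode the payload segment only; the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def preflight(token: str, subdomain: str, needed: set, now: int) -> list:
    """Return a list of problems; an empty list means the token fits the call."""
    c = decode_claims(token)
    base = f"https://{subdomain}.kinde.com"
    aud = c.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    problems = []
    if c.get("iss") != base:
        problems.append("unexpected issuer")
    if f"{base}/api" not in aud:
        problems.append("not issued for the Management API audience")
    if "client_credentials" not in c.get("gty", []):
        problems.append("not a client-credentials token")
    if now >= c.get("exp", 0):
        problems.append("expired")
    missing = needed - set(c.get("scope", "").split())
    if missing:
        problems.append("missing scope: " + " ".join(sorted(missing)))
    return problems
```

Passing only the scopes a given operation needs in `needed` keeps the M2M application's grant minimal and surfaces a misconfigured scope before the API call fails.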
Great, thanks, I'll do some further reading. One other query: is it not possible to add a constraint on users having the same email? I.e. if one signs in via a provider, but the email linked to that provider is already used by someone in Kinde.
Hi there,
No, it is not possible to prevent this in Kinde. By design, Kinde automatically matches and links accounts with verified email addresses.
(https://docs.kinde.com/authenticate/authentication-methods/email-authentication/)
When a user signs up with a social provider (like Google) and later signs up again with another provider (like Slack) using the same verified email, Kinde will automatically link these accounts.
(https://docs.kinde.com/authenticate/about-auth/authentication-methods/)
This is an intentional security feature - if Kinde detects the same verified email across different sign-in methods, it will link those accounts to reduce duplication and create a better user experience.
(https://docs.kinde.com/authenticate/authentication-methods/email-authentication/)
For example:
1. If a user first signs up with Google, their Kinde profile will be populated with their Google information (https://docs.kinde.com/authenticate/about-auth/identity-and-verification/#trusting-emails-from-providers)
2. If that same user later returns and signs in with a trusted connection using the same email, Kinde recognizes the existing user and adds the new identity to their profile
3. The user can then sign in using either method
This behavior applies to verified emails from trusted providers. Currently, Google is the only provider trusted by default, though you can configure other providers to be trusted when you set them up in Kinde.
Ah right, so only authenticated emails are linked, actually very well thought out behaviour, thank you for clarifying :)
You are welcome. Please don't hesitate to reach out with any rising questions. 🙂