Kinde•3mo ago
digvalley.

Pass values between workflow triggers

Is there a way to pass data between workflows? I am authenticating via SSO (Entra ID), and need to use the claims in the idToken when generating/formatting access tokens.
3 Replies
Roshan•3mo ago
Hi, Thanks for reaching out.
In Kinde each workflow runs in isolation with its own event context. However, when authenticating via SSO (such as Entra ID), you can access claims from the upstream identity provider within the token generation workflow, and use them to format or add claims to the access and ID tokens.

To use claims from the ID token when generating or formatting access tokens during the user:tokens_generation workflow:
- The event context provided to the workflow includes user, organization, and authentication details, including information from the identity provider (like Entra ID).
- You can add or format claims in both the access token and ID token using the kinde.accessToken and kinde.idToken bindings.
- For Entra ID, group and profile information from the IdP is included in the event context and can be accessed for custom claim logic.

Example pattern:
1. In your workflow, extract the claims you need from the event context (e.g., event.context.user or event.context.auth).
2. Use kinde.accessToken.setCustomClaim or kinde.idToken.setCustomClaim to add or format claims as needed.

You cannot persist arbitrary data between workflow runs, but you can always use the current event's context and claims to shape your access and ID tokens for each authentication event.

Let me know if this helps, Thanks
digvalley.OP•2mo ago
Thank you for your reply! 🙂 This was my thought! However, I can only see the complete auth context from Entra ID in the PostAuthentication flow. In the UserTokenGeneration, the "auth" object looks like this:
"auth": {
  "origin": "authorization_request",
  "connectionId": "conn_0143242fc16cac5cb1d84324f3ee139874f",
  "isExistingSession": false
}
In the PostAuthentication flow it has everything. Do I have anything configured wrong? I solved it by syncing to an external db and then using a fetch to that in the token creation step. I needed that anyways it seemed, however would love some assistance on this, because I have several use cases where I could benefit from doing this all in workflows - Would love an option to pass some state between the workflows.
Roshan•2mo ago
For state management between workflows, you have these options.

1. External Storage:

Use the kinde.fetch binding to store and retrieve state from external services:
export const workflowSettings = {
  bindings: {
    "kinde.fetch": {},
    "kinde.env": {}
  },
  id: "stateManagement",
  trigger: "user:tokens_generation"
};
2. Environment Variables for Configuration:

Use the kinde.env binding for configuration data that persists across workflow runs:
export const workflowSettings = {
  bindings: {
    "kinde.env": {}
  },
  ...
};
3. Event Context Data:
Each workflow receives trigger-specific data in the context object that includes user ID, organization code, and other relevant information. This data is available for each workflow execution but doesn't persist between runs. The secure JavaScript environment prevents using features like the fs module, which would result in runtime errors.

Let me know if I need to make things clear, Thanks
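
An added example, not part of the thread or of Kinde's code: when claims are handed from the post-authentication step to the token generation workflow through an external store, as described above, the fetched record can be checked before anything is copied into the token. The record shape, claim names, user ID and five-minute window are assumptions; the returned claims would then be applied with kinde.accessToken.setCustomClaim as mentioned in the first reply.

```javascript
// Added example: validate a record fetched from the external store before
// copying any of it into token claims. All names here are hypothetical.
const ALLOWED_CLAIMS = new Set(["groups", "department", "job_title"]); // assumed claim names
const MAX_AGE_MS = 5 * 60 * 1000; // assumed freshness window

// record: { userId, storedAt (ms since epoch), claims: {...} } as written by
// the post-authentication side. Returns { ok, claims, reason }.
function selectClaims(record, expectedUserId, nowMs) {
  if (!record || typeof record !== "object" ||
      typeof record.claims !== "object" || record.claims === null) {
    return { ok: false, claims: {}, reason: "malformed record" };
  }
  // Bind the record to the user this token is being generated for.
  if (typeof record.userId !== "string" || record.userId !== expectedUserId) {
    return { ok: false, claims: {}, reason: "user mismatch" };
  }
  // Reject records left over from an earlier sign-in (or with a bad timestamp).
  const age = nowMs - record.storedAt;
  if (!Number.isFinite(age) || age < 0 || age > MAX_AGE_MS) {
    return { ok: false, claims: {}, reason: "stale record" };
  }
  const claims = {};
  for (const [name, value] of Object.entries(record.claims)) {
    if (!ALLOWED_CLAIMS.has(name)) continue; // drop anything not expected
    if (typeof value === "string") {
      claims[name] = value.slice(0, 256); // cap string length
    } else if (Array.isArray(value) && value.every((v) => typeof v === "string")) {
      claims[name] = value.slice(0, 50); // cap list size
    }
    // any other value type is ignored
  }
  return { ok: true, claims, reason: null };
}

// Constructed sample data (not from a real tenant).
const sample = {
  userId: "kp_example_user",
  storedAt: 1700000000000,
  claims: { groups: ["finance", "admins"], department: "Finance", roles: ["owner"], job_title: 42 },
};
const result = selectClaims(sample, "kp_example_user", 1700000060000);
console.log(result.ok, result.claims);
```

When `ok` is false the workflow should skip the custom claims rather than fall back to whatever the store returned.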
