Flutter SDK - Session expired or invalid

Node.jsFlutterExpress

Hi,

I'm using the SDK in my Flutter app in conjunction with my backend server (API) which uses the Node Express SDK. My backend (ExpressJS) is using AWS DynamoDB to manage auth sessions and is configured like this:
⁨

const session = require('express-session');
const DynamoDBStore = require('connect-dynamodb')(session);
const { setupKinde, GrantType } = require('@kinde-oss/kinde-node-express');
...
const app = express();
...
store = new DynamoDBStore({
  table: process.env.SESSIONS_DYNAMODB_TABLE_NAME,
  client: dynamoDbUtils.dynamoClient,
});

app.use(session({
  store,
  secret: process.env.SESSION_SECRET,
  saveUninitialized: false,
  cookie: {
    sameSite: 'lax',  // Allow cookies in top-level navigations
    httpOnly: true,  // If true, session cookie is not accessible by JavaScript (for security)
    secure: process.env.ENVIRONMENT === 'production',  // Set to true only in production (HTTPS)
    path: '/',
  },
  resave: false,
}));
...
if (!kindeClient) {
  kindeClient = setupKinde(kindeConfig, app);
}
...

const session = require('express-session');
const DynamoDBStore = require('connect-dynamodb')(session);
const { setupKinde, GrantType } = require('@kinde-oss/kinde-node-express');
...
const app = express();
...
store = new DynamoDBStore({
  table: process.env.SESSIONS_DYNAMODB_TABLE_NAME,
  client: dynamoDbUtils.dynamoClient,
});

app.use(session({
  store,
  secret: process.env.SESSION_SECRET,
  saveUninitialized: false,
  cookie: {
    sameSite: 'lax',  // Allow cookies in top-level navigations
    httpOnly: true,  // If true, session cookie is not accessible by JavaScript (for security)
    secure: process.env.ENVIRONMENT === 'production',  // Set to true only in production (HTTPS)
    path: '/',
  },
  resave: false,
}));
...
if (!kindeClient) {
  kindeClient = setupKinde(kindeConfig, app);
}
...

⁩

In my app, Kinde is initialized using:
⁨

await KindeFlutterSDK.initializeSDK(
  authDomain: dotenv.env['KINDE_AUTH_DOMAIN']!,
  authClientId: dotenv.env['KINDE_AUTH_CLIENT_ID']!,
  loginRedirectUri: dotenv.env['KINDE_LOGIN_REDIRECT_URI']!,
  logoutRedirectUri: dotenv.env['KINDE_LOGOUT_REDIRECT_URI']!,
  scopes: dotenv.env['KINDE_SCOPES']!.split(" "),
);

await KindeFlutterSDK.initializeSDK(
  authDomain: dotenv.env['KINDE_AUTH_DOMAIN']!,
  authClientId: dotenv.env['KINDE_AUTH_CLIENT_ID']!,
  loginRedirectUri: dotenv.env['KINDE_LOGIN_REDIRECT_URI']!,
  logoutRedirectUri: dotenv.env['KINDE_LOGOUT_REDIRECT_URI']!,
  scopes: dotenv.env['KINDE_SCOPES']!.split(" "),
);

⁩

And token is fetched using:
⁨

try {
  final startTime = DateTime.now();
  final String? token = await KindeFlutterSDK.instance.getToken();
  final duration = DateTime.now().difference(startTime).inMilliseconds;
  return token;
} catch (e) {
  return null;
}

try {
  final startTime = DateTime.now();
  final String? token = await KindeFlutterSDK.instance.getToken();
  final duration = DateTime.now().difference(startTime).inMilliseconds;
  return token;
} catch (e) {
  return null;
}

⁩

I'm running the app on both iOS and Android and one of its features is syncing data in the background (when the app is minimized/closed). I keep getting "session-expired-or-invalid" errors from getToken() after the access token expires and there's a background sync.

Am I doing something wrong?

Kinde•2mo ago•

2 replies

Ricer

Flutter SDK - Session expired or invalid

Node.jsFlutterExpress

const session = require('express-session');
const DynamoDBStore = require('connect-dynamodb')(session);
const { setupKinde, GrantType } = require('@kinde-oss/kinde-node-express');
...
const app = express();
...
store = new DynamoDBStore({
  table: process.env.SESSIONS_DYNAMODB_TABLE_NAME,
  client: dynamoDbUtils.dynamoClient,
});

app.use(session({
  store,
  secret: process.env.SESSION_SECRET,
  saveUninitialized: false,
  cookie: {
    sameSite: 'lax',  // Allow cookies in top-level navigations
    httpOnly: true,  // If true, session cookie is not accessible by JavaScript (for security)
    secure: process.env.ENVIRONMENT === 'production',  // Set to true only in production (HTTPS)
    path: '/',
  },
  resave: false,
}));
...
if (!kindeClient) {
  kindeClient = setupKinde(kindeConfig, app);
}
...

const session = require('express-session');
const DynamoDBStore = require('connect-dynamodb')(session);
const { setupKinde, GrantType } = require('@kinde-oss/kinde-node-express');
...
const app = express();
...
store = new DynamoDBStore({
  table: process.env.SESSIONS_DYNAMODB_TABLE_NAME,
  client: dynamoDbUtils.dynamoClient,
});

app.use(session({
  store,
  secret: process.env.SESSION_SECRET,
  saveUninitialized: false,
  cookie: {
    sameSite: 'lax',  // Allow cookies in top-level navigations
    httpOnly: true,  // If true, session cookie is not accessible by JavaScript (for security)
    secure: process.env.ENVIRONMENT === 'production',  // Set to true only in production (HTTPS)
    path: '/',
  },
  resave: false,
}));
...
if (!kindeClient) {
  kindeClient = setupKinde(kindeConfig, app);
}
...

⁩

In my app, Kinde is initialized using:
⁨

await KindeFlutterSDK.initializeSDK(
  authDomain: dotenv.env['KINDE_AUTH_DOMAIN']!,
  authClientId: dotenv.env['KINDE_AUTH_CLIENT_ID']!,
  loginRedirectUri: dotenv.env['KINDE_LOGIN_REDIRECT_URI']!,
  logoutRedirectUri: dotenv.env['KINDE_LOGOUT_REDIRECT_URI']!,
  scopes: dotenv.env['KINDE_SCOPES']!.split(" "),
);

await KindeFlutterSDK.initializeSDK(
  authDomain: dotenv.env['KINDE_AUTH_DOMAIN']!,
  authClientId: dotenv.env['KINDE_AUTH_CLIENT_ID']!,
  loginRedirectUri: dotenv.env['KINDE_LOGIN_REDIRECT_URI']!,
  logoutRedirectUri: dotenv.env['KINDE_LOGOUT_REDIRECT_URI']!,
  scopes: dotenv.env['KINDE_SCOPES']!.split(" "),
);

⁩

And token is fetched using:
⁨

try {
  final startTime = DateTime.now();
  final String? token = await KindeFlutterSDK.instance.getToken();
  final duration = DateTime.now().difference(startTime).inMilliseconds;
  return token;
} catch (e) {
  return null;
}

try {
  final startTime = DateTime.now();
  final String? token = await KindeFlutterSDK.instance.getToken();
  final duration = DateTime.now().difference(startTime).inMilliseconds;
  return token;
} catch (e) {
  return null;
}

Flutter SDK - Session expired or invalid

Flutter SDK - Session expired or invalid

Similar Threads

Similar Threads

Similar Threads