Patrick
KKinde
•Created by bpdigisub on 3/25/2025 in #💻┃support
Automatic SSO Detection and Login
Hello there,
I appreciate your patience, and I want to address your message without further delay.
Yes, Kinde provides a way to handle this through home realm discovery, which routes users based on their email domain.
https://docs.kinde.com/authenticate/enterprise-connections/about-enterprise-connections/#show-or-hide-the-sso-sign-in-button-on-the-auth-page
This means when a user enters their email, they can be automatically routed to their IdP based on the email domain .
To set this up:
1. Configure home realm domains in your Microsoft Entra ID connection setup.
This speeds up the sign-in process for users of those domains.
2. When home realm domains are configured, the SSO button is hidden by default on the auth screen .
3. Users will be silently authenticated against the relevant IdP based on their email domain
For a seamless experience, you should: 1. Configure home realm discovery in your enterprise auth method 2. This will hide the SSO button by default 3. Users will then be silently authenticated via their IdP when they enter their credentials Note that this feature is specifically for routing and is not related to security or access control.
For a seamless experience, you should: 1. Configure home realm discovery in your enterprise auth method 2. This will hide the SSO button by default 3. Users will then be silently authenticated via their IdP when they enter their credentials Note that this feature is specifically for routing and is not related to security or access control.
4 replies
KKinde
•Created by fayzul on 3/20/2025 in #💻┃support
How to Ensure Email is Included in User Profile Response?
After checking these things, if the issue persists, could you kindly share your current setup with Flutter and Django for further investigation?
If you want to keep it private, you can create the ticket in confidential support.
10 replies
KKinde
•Created by fayzul on 3/20/2025 in #💻┃support
How to Ensure Email is Included in User Profile Response?
The required OAuth scopes for getting email are
(https://docs.kinde.com/developer-tools/about/using-kinde-without-an-sdk/#oauth-20-scopes)
(https://docs.kinde.com/build/tokens/oath-scopes/) :
- openid - requests an ID token containing user information
- email - specifically requests the user's email
- profile - requests profile details as part of ID token
- offline - requests refresh token capability
Make sure all these scopes are included in your authorization request. The email should be returned in the ID token rather than the access token.
When using the Flutter SDK to get user information, you can use
(https://docs.kinde.com/developer-tools/sdks/native/flutter-sdk/#scopes) :
sdk.getUser().then((value) {
print('User: ${value?.firstName ?? ''} ${value?.lastName ?? ''}');
});
Or for more detailed profile information :
final userProfile = await sdk.getUserProfileV2();
print(userProfile);
If you're still not receiving the email after confirming all scopes are properly requested, verify:
1. The user has verified their email address in Kinde
2. Your application has the proper permissions configured in the Kinde dashboard
3. You're using the ID token rather than the access token to get user profile information
10 replies
KKinde
•Created by fayzul on 3/20/2025 in #💻┃support
How to Ensure Email is Included in User Profile Response?
For Django:
When setting up the Kinde client, ensure you're requesting the email scope
(https://kinde.com/blog/engineering/set-up-django-authentication-with-kinde) :
kinde_client = KindeApiClient(
domain=os.getenv("KINDE_ISSUER_URL"),
callback_url=os.getenv("KINDE_CALLBACK_URL"),
client_id=os.getenv("KINDE_CLIENT_ID"),
client_secret=os.getenv("KINDE_CLIENT_SECRET"),
grant_type=GrantType.AUTHORIZATION_CODE,
)
10 replies
KKinde
•Created by fayzul on 3/20/2025 in #💻┃support
How to Ensure Email is Included in User Profile Response?
For Flutter:
You need to initialize the SDK with the required scopes during setup
(https://docs.kinde.com/developer-tools/sdks/native/flutter-sdk/#scopes) :
await KindeFlutterSDK.initializeSDK(
authDomain: dotenv.env[KINDE_AUTH_DOMAIN]!,
authClientId: dotenv.env[KINDE_AUTH_CLIENT_ID]!,
loginRedirectUri: dotenv.env[KINDE_LOGIN_REDIRECT_URI]!,
logoutRedirectUri: dotenv.env[KINDE_LOGOUT_REDIRECT_URI]!,
audience: dotenv.env[KINDE_AUDIENCE], //optional
scopes: ["email","profile","offline","openid"] // Make sure to include email scope
);
10 replies
KKinde
•Created by fayzul on 3/20/2025 in #💻┃support
How to Ensure Email is Included in User Profile Response?
Hi there, this is Patrick from Kinde. Thanks for reaching out.
10 replies