Welcome to the Kinde community.


ExpressJS Backend receiving API requests with bearer tokens

I am trying to create a backend API using expressJS that is authenticated via Kinde. I have tried both the express quick start and nodejs quick start. The nodejs quick start seems to provide more of what I think I need, partially because the expressjs quick start hangs and fails to serve any pages when adding to an existing product.

Where in the middleware for isAuthenticated should it be checking for the bearer token and validating it? I can't seem to find an example of that anywhere.

For testing, why doesn't expressJS allow re-authentication with the cookie saved after login? When the express server restarts I have to log in again despite having a redis session store with express-session.

FrontEnd: sveltekit using SDK from Kinde
Backend: expressjs using nodejs SDK
5 comments
Hey @chrisogden.,
Thanks for reaching out.
Also thanks for elaborating on your setup and questions.

Before I dive into your questions, do you want to have your authentication logic in your backend? Or do you want to have your authentication logic in your frontend and pass the JWT to your backend?

I am asking this because we do have a SvelteKit SDK that is robust and comprehensive.

I would also suggest having a read of the following doc: https://docs.kinde.com/build/applications/authenticating-spa/?r=search#_top

Looking forward to hearing back from you!
Pass the JWT to the backend. I am using the sveltekit sdk. It sets cookies for just the subdomain it is on so it doesn’t automatically pass the cookie and you can’t access the cookie from sveltekit. The robustness of the sveltekit sdk is great. Would be nice if I could change the domain the cookie is set on. I tried copying the cookie in server hooks and layout.server, which does work but it 500s on logout.

From the api backend side (separate from sveltekit) I wrote custom logic to extract the auth header or cookie and it works, but it would be nice to see that in the nodejs sdk or a sample starter kit. My workaround does handle authentication but doesn’t provide a good way to look at orgs, roles or permissions, since the nodejs sdk is unaware of the session since it was created in sveltekit.

I will go read both those docs, maybe it will clear up the audience item as well.
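The backend check discussed above (take the bearer token from the Authorization header or a cookie, then validate it before the route runs), as an added example that is not part of the thread and is not Kinde SDK code. Assumptions: a locally generated RSA key pair stands in for the issuer's published signing key, the `iss`/`aud` values are placeholders, and the cookie name `access_token` and the function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for the issuer's signing key; in production the public
// key comes from the issuer's published JWKS, selected by the token's `kid`.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const EXPECTED = { iss: 'https://example.invalid', aud: 'https://api.example.invalid' }; // placeholders

const b64url = (v) => Buffer.from(v).toString('base64url');

// Test helper only: mints a token the way an issuer would.
function signToken(claims, key = privateKey) {
  const input = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), key).toString('base64url')}`;
}

// Authorization header first, then a cookie (name "access_token" is hypothetical).
function extractToken(req) {
  const m = /^Bearer\s+(\S+)$/i.exec(req.headers.authorization || '');
  if (m) return m[1];
  const c = /(?:^|;\s*)access_token=([^;]+)/.exec(req.headers.cookie || '');
  return c ? c[1] : null;
}

function verifyToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url'));
  // Pin the algorithm: never let the token choose "none" or an HMAC variant.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url'));
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (claims.iss !== EXPECTED.iss) throw new Error('wrong issuer');
  if (![].concat(claims.aud || []).includes(EXPECTED.aud)) throw new Error('wrong audience');
  return claims;
}

// Express-style middleware (req, res, next); mount it before protected routes.
function requireBearer(req, res, next) {
  try {
    const token = extractToken(req);
    if (!token) throw new Error('missing token');
    req.user = verifyToken(token); // verified claims for downstream handlers
    next();
  } catch (err) {
    res.status(401).json({ error: 'unauthorized' }); // same response for every failure
  }
}
```

The audience check is the part that stops a token issued for a different API from being accepted here, so the expected `aud` has to match what the frontend requests when it obtains the token.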
Hey @chrisogden.,
Thanks for the quick reply.

I would suggest raising GitHub issues on the relevant SDK GitHub repos so my teammates who look after the respective SDK will look into and address your points raised.

So would you be able to add GitHub issues related to your comments above on the related repos:
Let me know if you have any questions on this.
I posted some GitHub issues
Thanks @chrisogden.,
My teammates will review your GitHub issues.