You certainly can, you will just need to toggle this on in Applications > Tokens in your Kinde account
Should I be able to see it when I get user by id from Kinde Management API?
or maybe with next sdk getUser?
Correct both of those methods work
For some reason, I could not get it to work. I might try again today
This all started from not getting Patreon connected app to work. Well, it's not showing for me in the Connected Apps section.
And also, thanks for the help so far
Somehow, I'm still only getting properties, picture, email, and kinde user id, when I call getUser
Do I have to manually attach additional data/scope when the oauth happens
I'm just getting user like this
Down to hop on a quick call anytime to solve this
Mmmm, let me check with our NextJS expert to come back with some additional direction
@onderay Might not need this anymore after the Patreon Connected App access grant
for anyone else wondering, after you set additional claims to id token,
at least for discord, they are put under ext_provider
Next.js SDK (app router) example:const { getIdToken } = getKindeServerSession();
const idToken = await getIdToken();
const externalProvider = idToken.ext_provider;
console.log(externalProvider)
/* Example output:
{
"claims": {
"is_confirmed": true,
"profile": {
"accent_color": 16711680,
"avatar": "https://example.com/avatar.jpg",
"banner_color": "#00FF00",
"discriminator": "1234",
"email": "example@example.com",
"flags": 128,
"global_name": "Example User",
"id": "123456789012345678",
"locale": "en-US",
"mfa_enabled": true,
"premium_type": 1,
"public_flags": 64,
"username": "exampleuser",
"verified": true
}
}
}
*/So you have it all working now?
trying another method at the moment. Basically my site needs OAuth that gates login based on either patreon/disocrd role. Then it needs some role system to check out the users role and on pages check if the user can access or not.
So regardless of the methods/tech I'd want something like this:
- onSignIn: allow if patreon/discord active role
- some way to read the role, either from token or from where the db auth user would be stored
- invalidate session once subscription ends (easier for database user/session than for a JWT session)
Right now I just have Discord OAuth used with JWT tokens that expire in two weeks. If only I get the refresh tokens working it's a pretty ok solution. But Next.js 14 and jwt refresh token has seemed harder than it should be
Also the tokens get added the user role when they are initially issued. Not sure if this is good practice
But this is off topic. Maybe I am just thinking about it all the wrong way...
So the team had a quick think to give you some of our advice. Our thinking is the following flow which is similar to what you are thinking.
- Use Custom sign/in with Discord SSO
- Check the patreon connected app info via Kinde API
- Get/update roles
- Land the user in the product or somewhere else
