Trouble with createKindeManagementAPIClient.usersApi

Have you been able to test your connection with Postman fine?

It looks like you're encountering an error when trying to use the Kinde Users API. The error message "Response returned an error code" suggests that the request to the Kinde API is not being processed as expected. This could be due to several reasons, such as incorrect API credentials, insufficient permissions, or an issue with the request format.

Here are a few steps you can take to troubleshoot and resolve the issue:

Check API Credentials: Ensure that your Kinde API credentials (Client ID, Client Secret, and Kinde Domain) are correctly configured in your environment. These credentials are essential for authenticating your requests to the Kinde API.

Verify Permissions: Make sure that the API client you're using has the necessary permissions to access the Users API. You might need to review the permissions assigned to your API client in the Kinde dashboard.

Request Format: Double-check the request format, including headers and any required parameters. The Kinde API expects the content-type of the request to be in JSON format. Ensure that your request adheres to the expected format as outlined in the Kinde API documentation.

API Endpoint: Verify that you're calling the correct API endpoint. The endpoint for retrieving users is typically structured as https://{your_kinde_domain}.kinde.com/api/v1/users. Replace {your_kinde_domain} with your actual Kinde domain.

Error Handling: Implement error handling in your code to catch and log any errors returned by the Kinde API. This can provide more insight into what might be causing the issue.

Kinde Documentation: Review the Kinde API documentation for any specific requirements or examples related to using the Users API. The documentation might offer additional insights or examples that could help resolve the issue.

I found the issue. It was my KINDE_ISSUER_URL. I was using the custom domain I set. When I revert back to the https://REDACTED.us.kinde.com one, it works. But now I'm not using the custom domain anymore. How do I reconcile this?

FYI I am not using Postman, I'm using the NextJS SDK

Its required for you to access the API via your Kinde domain rather than your custom domain. You can still use your custom domain for any external user auth pages

how should the environment variables be set to accomplish this? or is there a parameter to pass to the Kinde API Client to specify the host?

This is how you should have your env variables setup:

KINDE_ISSUER_URL - Your Kinde domain.
KINDE_CLIENT_ID - The client ID provided by Kinde.
KINDE_CLIENT_SECRET (if applicable) - The client secret provided by Kinde for server-side applications.
KINDE_AUDIENCE - The intended audience for your API, typically your Kinde domain followed by /api.

https://kinde.com/docs/developer-tools/nextjs-sdk/#kinde-management-api

When using NextJS with Kinde, you can specify the host for the Kinde API Client by setting the KINDE_ISSUER_URL in your .env file. This environment variable should be set to your Kinde domain, which acts as the token host value. Here's an example of how you might set it:

KINDE_ISSUER_URL=https://<your_subdomain>.kinde.com


This configuration is crucial for ensuring that your application can communicate correctly with the Kinde authentication services. Make sure to replace <your_subdomain> with your actual Kinde subdomain.

by "Kinde domain" are you referring to the custom domain, or the kinde.com one?

if the former, that does not work for accessing the api, as I found above.

if the latter, then where do I specify my custom domain?

I am referring to the xxxx.kinde.com one

No, you do not need to use a custom domain to access the Kinde Management API. The base URL for the Kinde Management API is structured as https://{businessName}.kinde.com, and it utilizes kindeBearerAuth over HTTP for security. This means you can access the Management API using your Kinde-issued domain, and there is no requirement to set up a custom domain specifically for API access. https://kinde.com/docs/build/add-a-m2m-application-for-api-access/

I think there's still some confusion here. If I set my env vars to use the x.kinde.com domain so that the User API works, where do I specify my custom domain so that the sign in flow uses it?

Update Your NextJS Application: After setting up your custom domain in Kinde, use your custom domain rather than the Kinde issued subdomain in your code base.

Configure Environment Variables in NextJS: For your NextJS application to use the custom domain, you need to define environment variables such as KINDE_SITE_URL, KINDE_POST_LOGOUT_REDIRECT_URL, and KINDE_POST_LOGIN_REDIRECT_URL to include your custom domain. This can be done by adding these variables to your next.config.js file.

Ensure Callback and Logout URLs are Set: Make sure that the allowed callback URLs and allowed logout redirect URLs in Kinde are set to your custom domain. This is crucial for the authentication flow to redirect users back to your application correctly after they have logged in or logged out.

Let me know if the instruction are clear for you

I'm not sure the SITE_URL does what you're saying it does. I have it set to localhost:3000 locally right now, and clicking a login link redirects to the ISSUER_URL (not the SITE_URL). My understanding and usage matches the online docs.

For the sake of trying, I updated the mentioned vars to my custom domain, and it seemed to have no effect.

I appreciate the answers but respectfully, they seem like AI generated hallucinations.

Sorry about this Jeremy, I will get a more experienced team member to help here

You can use the custom domain with our management API, but your audience value would need to be the Kinde domain still:

auth url: https://{your custom domain}/oauth2/token
audience url: https://{your.kinde.domain}.kinde.com/api

Let me know if that helps

https://kinde.com/docs/developer-tools/nextjs-sdk/#configure-environment-variables

here are the options I have to work with. the only URL options are Issuer URL and Site URL. No Auth URL or Audience URL.

from what I can tell, this is the extent of the docs for the API: https://kinde.com/docs/developer-tools/nextjs-sdk/#kinde-management-api

there is no documented way to pass URL config at all

I think I'll need someone from your team familiar with the Nextjs SDK to answer this one. My goal is to use the custom domain for auth, meaning when someone clicks Sign In, it uses the custom domain. And to be able to use the Management API, the domain it uses does not matter to me because it is transparent to the user.

if your answer is indeed correct, meaning it uses undocumented configurations, could you be more specific as to how I pass that configuration? otherwise I feel the answer is not relevant for the Nextjs SDK

for the sake of tryring, here's what's happened:

• I found your old nextjs docs, which has some notes on Audience within the Management API section: https://kinde.com/docs/developer-tools/nextjs-sdkv1/#kinde-management-api
• I've set my audience env var to match: https://KINDE_DOMAIN.kinde.com/api
• I updated my issuer url env var to the custom domain: KINDE_ISSUER_URL=https://auth.CUSTOM_DOMAIN.COM
• I click login in my app, I get this: {"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Requested audience 'https://KINDE_DOMAIN.kinde.com/api' has not been whitelisted by the OAuth 2.0 Client."}

Thanks for the update, I will get a team member to jump in.

any update on this?

🙁

@onderay I hate to ping you but I'm gonna do it 😬

I need someone to confirm that they have tested custom domains on the nextjs sdk combined with fetching users using the management api (elaboration above)

I see your problem here, there is a new package which I think will solve this for you perfectly.

This package has been designed to decouple the Auth SDK from management to allow better control. I am still putting together the documentation for this and its very new. If you're happy to try this out it will give you a route forward as you defined a separate client id, client secret and domain.

https://github.com/kinde-oss/management-api-js

this seems to work, thank you. though I have a few questions -

1. why can't this be in the existing nextjs package? why separate it like this?
2. is it possible to remove the need for init()? it seems a bit "ugly" and I'm not quite clear as to when/where I should call it

thank you very much though 😄

just looked into the code to see what init does. call me crazy but couldn't you preface the main functions with "if no token run init"? anyway I get it now and I will run it once at the root of my app, rather than within the page calling it

Is there any way to get Slack profile via management api? I do get identities in user but no profile while I get that during login in ext_provider.

I too created a singleton for it

The init() is required to ensure the package works cross many frameworks.

For example in Nuxt there is no way to make this execute at startup like there is in Next.js, this is down to how the complier works. We do want to improve on this at some point but this approach works albeit you have to call init once.

@vivek.gupta I will discuss with the team about accessing external provider details via the API