Kinde
Log in

Welcome to the Kinde community

Updated 2 months ago

Kinde management api issue with nextjs app router

At a glance

A community member had a production environment where the Kinde Management API was enabled and working fine. They tried to enable it in a duplicate environment, but were not able to do so. According to the documentation, the Kinde Management API can only be accessed via M2M applications, which the community member was not aware of.

Another community member explained that Kinde had made a security change in August, where the Management API could only be accessed via M2M applications. They also added scopes/permissions to make the M2M applications more secure. However, existing backend applications that had already authorized for the Management API would continue to work as before, while new applications would not be able to authorize access to it.

The community member requested to have the Kinde Management API enabled in their new environment, as it was enabled in the production environment. However, the Kinde representative explained that they cannot accommodate this request, as it would introduce security risks. Instead, they recommended the community member to change their environments to use only M2M applications for Kinde Management API interactions.

The community member acknowledged the recommendation and discussed it with their team. They later confirmed that they had moved to M2M and everything was working as expected.

Useful resources
AAlex
·

Hey Guys

i something weird just happened i had a prod env where Kinde Management API is enabled to a backend and its working fine
i just duplicated the env and tried to turn on Kinde Management API and its not allowing me to do so
based on the your doc i can see only it can be done from m2m (not sure if this is newly added) but how prod is working ?
we are using NextJs app router "@kinde-oss/kinde-auth-nextjs": "2.4.5-0",

Attachment
image.png
1
D
A
D
12 comments
DDave Berner

Hey back in August we made a security change to the way our Management API is accessed i.e now it can only be accessed via M2M applications. We also added scopes/permissions so that the M2M applications would be more secure by limiting what endpoints they could access (announcement here).

We wanted to ensure this wasn’t a breaking change so backend applications that had already authorized for the Management API would continue to work as before, backend applications created after August would not be able to authorize access to it.

We now have a specific management API JavaScript SDK which is the recommended way of accessing our management API in NextJS - there are some code samples here on how to implement: https://docs.kinde.com/developer-tools/sdks/backend/nextjs-sdk/#kinde-management-api

AAlex

i see can you please enable it for me cz my prod is enabled and my qa env is not and will not invest time to do it m2m now !
in other words i have 2 kinde env for same project with one enabled and one disabled!

AAlex

please let me know if this is possible thank you

AAlex

AAlex

can i please have a reply to this

DDaniel Rivers

I will check what can be done with when he comes online

OOliver Wolff

Hey ,

I am afraid we can't accomodate this.

We made the changes to improve our security for customers like you and we cannot undo these changes as it will introduce more security risks.

I understand you want to replicate your new environment like your production environment, but we have to prioritize security, and so we can't remove this restriction.

Instead, we recommend changing your environments to use only M2M applications for your Kinde Management API interactions. We're here to support you to make this change, if you choose to do it.

Please let me know if you have any further questions or concerns on this.

AAlex

Hey
thanks for your input let me discuss that with team and let u know our decision
thanks

OOliver Wolff

Thanks .

By the way, I am off from this Friday (15 Nov) and back on Wednesday (20 Nov) - so reach out to in the meantime

AAlex

<@U07RXGPH7DL>

AAlex

we moved to m2m and things looks good
thank you

OOliver Wolff

Sorry - just got back from leave.
Good to hear everything is working as expected now.

Please don't hesitate to reach out if you come across any other issues.

Add a reply
Sign up and join the conversation on Slack