Hey Guys i updated some permissions and roles for a user and then hit this api
https://kinde.com/api/docs/#refresh-user-claims-and-invalidate-cache
and got{ "code": "CLAIMS_REFRESH_SUCCESS", "message": "Claims successfully refreshed"}
to see if he gets updated without logging out and in again but it didn't work
need help to do it please
hi , the refreshed claims will be available after the token is exchanged via the refresh token flow. You need to request the offline scope when starting the auth flow, which will generate a refresh token alongside the access token. You could use the refresh token to generate an updated tokens after the refresh clams.
I see we need to document this flow better.
Hello
my main goal now is to make all users to get new token
cz i added some permissions to them
how can i force user to login again ?
i tried to suspend them but they can still work until they logout
If you didn't start the offline session, another method is starting an auth flow without providing any prompt, this way the user will be redirected to Kinde and back, and will receive the updated token.
In case their auth session expired, they will be asked to authenticate, for the already authenticated session the process only involves several redirects and no UI.
The documentation about the prompt parameter https://docs.kinde.com/developer-tools/about/using-kinde-without-an-sdk/#prompt
Your users already have live access tokens which are not connected to Kinde any longer in any way until the token expired.
You need the app to make a request to start the auth flow from your code. With the refresh tokens this would have happened on the page refresh automatically, but without it implemented I can't see a fast method so far.
Which SDK are you using?
, in the Next.js SDK you can refresh tokens by calling:
const session = await getKindeServerSession(); await session.refreshTokens();The best I can figure is after you’ve made the broad permission changes, deploy your app with this call in a common route conditionally (not recommended to call this frequently as it adds request overhead).
, can you provide some details about what you have tried? Are you calling refreshTokens() from middleware?
actually i'm trying to refresh token for the user once he changes a permission to himself
so basically i'm doing it in a api route
, the call to const newTokens = await refreshTokens(); should return new tokens, can you see if there are new tokens returned? If you are getting null returned can you set the environment variable KINDE_DEBUG_MODE=true and see if there are any errors logged?
KINDE_DEBUG_MODE=trueis already on but no error are being logged in console and it is returning null
newTokens null
hey , if you are calling refreshTokens in the context of a Nextjs page, unfortunately, we can’t update the cookies from there which sucks.
So you might have to put the refreshTokens part into a sever action in which case the newTokens should return new tokens and update the permissions.
If the permissions are not updating then it is most likely a cache invalidation thing on our part!!
i tried calling refreshTokens from route handler it worked but from server side action it didn't !
and i realised that the bearer returned is the same as the one i already got in my cookie
shouldn't be different?
Hey ,
We are still looking into this issue.
Apologies it's still going on.
We will continue to update you on our progress investigating this issue.
export const updateUserName = async (props: {
userId: string;
userName: string;
}) => {
init();
await Users.updateUser({
id: props.userId,
requestBody: {
given_name: props.userName
}
});
await getKindeServerSession().refreshTokens();
revalidatePath('/dashboard', 'page');
};'use client';
import {useKindeBrowserClient} from '@kinde-oss/kinde-auth-nextjs';
import {updateUserName} from '../../actions/kinde';
export const PersonData = () => {
const {user} = useKindeBrowserClient();
const handleSubmit = async (formData: FormData) => {
const givenName = formData.get('givenName') as string;
await updateUserName({userId: user.id, userName: givenName});
// window.location.reload(); (if using browser client)
};
return (
<div>
<form action={handleSubmit}>
<label htmlFor="orgName">Organization Name:</label>
<input
type="text"
id="givenName"
name="givenName"
defaultValue={user?.given_name}
/>
<button type="submit">Update user first name</button>
</form>
<pre>{JSON.stringify(user, null, 2)}</pre>;
</div>
);
};^ this is an example of a form that should update the user via the api, then refresh to get the updated data.
Only thing to note is that if you’re grabbing the user data from getKindeBrowserClient you will have to do a window.location.reload() to get the updated data
we’re planning on fixing this behaviour in a future release
Thank you we will test it out. Any idea around timeline for the release roadmap wise?