.NET SDK

The Kinde .NET SDK allows developers to quickly and securely integrate a new or an existing .NET application to the Kinde platform. The Kinde SDK is available on the Nuget package repository at https://www.nuget.org/packages/Kinde.SDK

Register for Kinde

If you haven’t already got a Kinde account, register for free here (no credit card required).

You need a Kinde domain to get started, e.g. yourapp.kinde.com

Add packages to your application

Use Dotnet CLI or NuGet CLI to add packages in your project.

Dotnet CLI:

dotnet add package Kinde.SDK --version 0.0.1

NuGet:

NuGet\Install-Package Kinde.SDK -Version 0.0.1

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module’s version of Install-Package.

Set callback URLs

  1. In Kinde, go to Settings > Applications.
  2. View the application details. This is where you get app keys and set the callback URLs.
  3. Add your callback URLs in the relevant fields. For example:
  4. Select Save.

Add environments

Kinde comes with a production environment, but you can set up other environments if you want to. Note that each environment needs to be set up independently, so you need to use the Environment subdomain in the code block above for those new environments.

Configure your app

Environment variables

Put these variables in your .env file:

  • KINDE_SITE_URL - where your app is running
  • KINDE_ISSUER_URL - your Kinde domain
  • KINDE_POST_CALLBACK_URL - After the user authenticates we will callback to this address. Make sure this URL is under your allowed callback URLs.
  • KINDE_POST_LOGOUT_REDIRECT_URL - where you want users to be redirected to after logging out. Make sure this URL is under your allowed logout redirect URLs.
  • KINDE_CLIENT_ID - you can find this on the App keys page
  • KINDE_CLIENT_SECRET - you can find this on the App keys page

SDK also supports configuration from the appsetings.json file. If you want, you can write your own implementation of IAuthorizationConfigurationProvider and IIdentityProviderConfigurationProvider.

{
...
"KindeSettings": {
    "Domain": KINDE_ISSUER_URL,
    "CallbackUrl": KINDE_POST_CALLBACK_URL
},
"ApplicationConfiguration": {
    "Domain": KINDE_ISSUER_URL,
    "ReplyUrl": KINDE_POST_CALLBACK_URL,
    "LogoutUrl": KINDE_POST_LOGOUT_REDIRECT_URL
},
"DefaultAuthorizationConfiguration": {
    "ConfigurationType": "Kinde.Api.Models.Configuration.<THE_LOGIN_METHOD_YOU_PREFER>",
    "Configuration": {
        "State": null,
        "ClientId": KINDE_CLIENT_ID,
        "Scope": "openid offline",
        "GrantType": "code id_token token",
        "ClientSecret": KINDE_CLIENT_SECRET
    }
},
...
}

Configuration example:

{
...
"KindeSettings": {
    "Domain": "https://your_kinde_domain.kinde.com",
    "CallbackUrl": "https://localhost:7165/home/callback"
},
"ApplicationConfiguration": {
    "Domain": "https://your_kinde_domain.kinde.com",
    "ReplyUrl": "https://localhost:7165/home/callback",
    "LogoutUrl":  "https://localhost:7165/home"
},
"DefaultAuthorizationConfiguration": {
    "ConfigurationType": "Kinde.Api.Models.Configuration.PKCES256Configuration",
    "Configuration": {
        "State": null,
        "ClientId": your_kinde_client_id,
        "Scope": "openid offline",
        "GrantType": "code id_token token",
        "ClientSecret": your_kinde_client_secret

    }
},
...
}

In your startup file (usually called Startup.cs or Program.cs), register configuration providers using .NET DI:

builder.Services.AddTransient<IAuthorizationConfigurationProvider, DefaultAuthorizationConfigurationProvider>();
builder.Services.AddTransient<IApplicationConfigurationProvider, DefaultApplicationConfigurationProvider>();
builder.Services.AddSession();
...
var app = builder.Build();
app.UseSession();

Note: The above configuration providers are referenced in the Kinde.Api.Models.Configuration and the Microsoft.AspNetCore.Sessionassembly. Those assemblies must be added to your project.

PKC256 Configuration example:

This is the most complicated configuration. The configuration for the Authentication code is the same. For Client credentials, ‘State’ is not applicable, but you don’t need to remove it.

All available types are:

  1. Kinde.Api.Models.Configuration.PKCES256Configutation
  2. Kinde.Api.Models.Configuration.AuthorizationCodeConfiguration
  3. Kinde.Api.Models.Configuration.ClientCredentialsConfiguration

Besides configuration, all code approaches are quite similar. The only difference is if the authorization flow requires user redirection. In which case, for Client Credentials configuration Authorize() call is enough for authorization. For others (PKCE and Authorization code) you should handle redirection to Kinde (as IdP) and handle callback to end authorization.

Integrate with your app

You’ll need to declare your configurations provider in your controller.

...
using Kinde.Api.Models.Configuration;
using Kinde.DemoMVC.Authorization;
using Kinde.DemoMVC.Models;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
...

public class YorController : Controller
{
...

		private readonly IAuthorizationConfigurationProvider _authConfigurationProvider;
		private readonly IApplicationConfigurationProvider _appConfigurationProvider;
...

public YourController (..., IAuthorizationConfigurationProvider authConfigurationProvider, IApplicationConfigurationProvider appConfigurationProvider)
{
...

		_authConfigurationProvider = authConfigurationProvider;
		_appConfigurationProvider = appConfigurationProvider;
...
}
}

Log in and registration

The Kinde client provides methods for easy sign in and register flows.

For example, if add buttons in your HTML as follows:

<div class="navigation">
    @Html.ActionLink("Sign in","Login", "YourController") @Html.ActionLink("Sign up","Signup", "
    YourController")
</div>

Then define new actions in YourController:

public async Task<IActionResult> Login()
{
	// We need some artificial id to correlate user session to client instance

	//NOTE: Session.Id will be always random, we need to add something to session to make it persistent.
	string correlationId = HttpContext.Session?.GetString("KindeCorrelationId");

	if (string.IsNullOrEmpty(correlationId))
	{
		correlationId = Guid.NewGuid().ToString();
		HttpContext.Session.SetString("KindeCorrelationId", correlationId);
	}

	// Get client's instance...
	var client = KindeClientFactory.Instance.GetOrCreate(correlationId, _appConfigurationProvider.Get());

	// ...and authorize it
	await client.Authorize(_authConfigurationProvider.Get());

	// if auth flow is not ClientCredentials flow, we need to redirect user to another page
	if (client.AuthotizationState == Api.Enums.AuthotizationStates.UserActionsNeeded)
	{
		// redirect user to login page
		return Redirect(await client.GetRedirectionUrl(correlationId));
	}
		return RedirectToAction("Index");
}

public async Task<IActionResult> SignUp()
{
	string correlationId = HttpContext.Session?.GetString("KindeCorrelationId");

	if (string.IsNullOrEmpty(correlationId))
	{
		correlationId = Guid.NewGuid().ToString();
		HttpContext.Session.SetString("KindeCorrelationId", correlationId);
	}

	var client = KindeClientFactory.Instance.GetOrCreate(correlationId, _appConfigurationProvider.Get());

	await client.Authorize(_authConfigurationProvider.Get(), true); //<--- Pass true to register user

	if (client.AuthotizationState == Kinde.Api.Enums.AuthotizationStates.UserActionsNeeded)
	{
		return Redirect(await client.GetRedirectionUrl(correlationId));
	}

	return RedirectToAction("Index");
}

When defining the above methods in your controller class, ensure that Kinde assembly is included by adding using Kinde;

Manage redirects

When the user is redirected back to your site from Kinde, this code executes:

public IActionResult Callback(string code, string state)
{
	Kinde.KindeClient.OnCodeRecieved(code, state);
	string correlationId = HttpContext.Session?.GetString("KindeCorrelationId");
	var client = KindeClientFactory.Instance.Get(correlationId); //already authorized instance

	// Api call
	var myOrganization  = client.CreateOrganizationAsync("My new best organization");
	return RedirectToAction("Index");
}

Log out

Logging out is a two step process: local cache cleanup and token revocation on the Kinde side.

When the client.Logout() method is called, it redirects the user to a redirect URL for token revocation.

Example:

public async Task<IActionResult> Logout()
{
	string correlationId = HttpContext.Session?.GetString("KindeCorrelationId");
	var client = KindeClientFactory.Instance.GetOrCreate(correlationId, _appConfigurationProvider.Get());
	var url = await client.Logout();
	return Redirect(url);
}

Get user information

You need to have already authenticated before you call the API, otherwise errors can happen. To access the user information, use the GetUserProfile method:

public async Task<IActionResult> Index()
{
	if (HttpContext.Session.GetString("KindeCorrelationId") != null)
	{
		var client = KindeClientFactory.Instance.Get(HttpContext.Session.GetString("KindeCorrelationId"));

		if(client.AuthotizationState == Kinde.Api.Enums.AuthotizationStates.Authorized)
		{
			ViewBag.Authorized = true;
			var model = await client.GetUserProfile();
			return View("Index", model);
		}
	}
	return View("Index");
}

View users in Kinde

Go to the Users page in Kinde to see who has registered.

User Permissions

After a user signs in and they are verified, the token return includes permissions for that user. User permissions are set in Kinde, but you must also configure your application to unlock these functions.

Example permissions:

String[] permissions = {
	“create:todos”,
	“update:todos”,
	“read:todos”,
	“delete:todos”,
	“create:tasks”,
	“update:tasks”,
	“read:tasks”,
	“delete:tasks”,
}

If you need help connecting to Kinde, please contact us at support@kinde.com.

Get more support

See Kinde in action

Find out what Kinde can do in a live demo with one of our experts.

Book a demo

Talk to us

If you can’t find what you’re looking for in our help center - email our team. We’d love to hear from you.

Contact support
Talk to us