These instructions assume you already have a Kinde account. You can register for free here (no credit card required).
They also assume you are building with ExpressJS and have the relevant express packages already installed.
The easiest way to install the SDK is via npm or yarn
npm i @kinde-oss/kinde-node-expressYou’ll need to import our Kinde helpers into your project. We recommend you do this in the entry point of your application, typically index.js or app.js
const express = require("express");
const {
setupKinde,
protectRoute,
getUser,
} = require("@kinde-oss/kinde-node-express");
const app = express();
const config = {
clientId: <YOUR_CLIENT_ID>,
issuerBaseUrl: https://<YOUR_SUBDOMAIN>.kinde.com,
siteUrl: "http://localhost:3000",
secret: <YOUR_CLIENT_SECRET>,
redirectUrl: "http://localhost:3000",
};
setupKinde(config, app);- In Kinde, go to Settings > Applications > [Your app] > View details.
- Replace the placeholders in the code block above with the the values from the App Keys section.
- Replace
http://localhost:3000with the url of wherever your app is running.
As part of your development process, we highly recommend you create a development environment within your Kinde account. In this case, you’d use the Environment subdomain and app key values in the code block above.
Kinde will redirect your user to authenticate. They’ll be redirected back to your Express app after signing in or signing up.
To authenticate your app, you need to specify which URL Kinde should redirect your user.
- In Kinde, go to Settings > Applications > [Your app] > View details.
- Set the Allowed callback URLs (redirect URIs) to the URL of your app. This is where your application is served. For local development this could be
http://localhost:3000. This is required for your users to sign in to your app successfully. This should match theredirectUrlyou set in the config in the previous step. - Set the URLs they’ll be redirected to after signing out, by adding Allowed logout redirect URLs to your JavaScript applications logout page. For local development this could be
http://localhost:3000. This should match thesiteUrlyou set in the config in the previous step. - Select Save.
Note: http://localhost:3000 is an example of a commonly used local development URL. It should be replaced with the URL where your app is running.
Kinde provides sign in / register methods that are easy to implement. Here’s an example of adding buttons to your HTML:
<div id="logged_out_view">
<a href="/login">Login</a>
<a href="/register">Register</a>
</div>Clicking either of these buttons redirects your user to Kinde, where they authenticate before being redirected back to your site.
Once your user is redirected back to your site from Kinde, you can set a callback to take place. The callback automatically passes in the user object and any application state you set prior to the redirect.
app.get("/", (req, res) => {
if (req.session && req.session.kindeAccessToken) {
res.send("You are authenticated!");
} else {
res.send("You are not");
}
});The protectRoute middleware included in the SDK allows you to tell Express which routes are for authorized users only.
app.get("/admin", protectRoute, (req, res) => {
res.send("Welcome to the admin area");
});You can pass an unAuthorisedUrl into the setupKinde configuration object which will to tell Kinde where you would like the user to be redirected in the case of protectRoute identifying the user is not yet authenticated.
The getUser middleware included in the SDK allows you to add the user object to the request.
app.get("/admin", protectRoute, getUser, (req, res) => {
console.log(req.user);
res.send(`Hello, ${req.user.given_name}`);
});This is implemented in much the same way as signing in or registering. The Kinde SDK already comes with a /logout method.
<a href="/logout">Sign out</a>Register your first user by signing up yourself. You’ll see your newly registered user on the Users page of the relevant organization in Kinde.
This SDK also contains a library for verifying JWTs signed by Kinde. used as a layer of protect API endpoints.
Initialize the library as follows
const {jwtVerify} = require("@kinde-oss/kinde-node-express");
const verifier = jwtVerify("https://<your_kinde_subdomain>.kinde.com");Replace <your_kinde_subdomain> above with the subdomain you registered on Kinde. The step above caches your JWKS for Kinde in your Express application.
If you add the verifier middleware to an endpoint it will validate the token. If valid the users Kinde id is added to the request, otherwise a 403 error is thrown.
app.get("/some-route", verifier, (req, res) => {
console.log(req.user); // {id: kp:the-users-kinde-id}
});| Property | Type | Is required | Default | Description |
|---|---|---|---|---|
clientId | string | Yes | The id of your application - get this from the Kinde admin area | |
issuerBaseUrl | string | Yes | Either your Kinde instance URL or your custom domain. e.g https://yourapp.kinde.com | |
redirectUrl | string | Yes | The URL that the user will be returned to after authentication | |
secret | string | Yes | The secret for your application - get this from the Kinde admin area | |
siteUrl | string | Yes | Where your user will be redirected upon logout | |
unAuthorisedUrl | string | No | The URL the user will be redirected to if protectRoute finds the user is not authenticated |
Reach out to support@kinde.com if you need help getting Kinde connected.
Developer tools