Using Kinde without an SDK
Kinde is designed to help founders and developers build SaaS products by providing software infrastructure like authentication, feature flags, user management, and more.
We support connecting to Kinde through our SDKs, but everything we build also follows the OAuth 2 standard, so you can integrate Kinde with any language or framework without an SDK.
Get started
Start for free on Kinde.
OpenID Connect
To connect to Kinde you need to know where the endpoints are for things like authorization, tokens and user profiles. You’ll also need to know the response types and claims that are supported. All this data and more can be found in your OpenID configuration file which is located at:
Signing up and signing in
Your users must be redirected from your product to Kinde to sign up or sign in securely. The redirect URL on your product side would look like the following:
https://<your_kinde_subdomain>.kinde.com/oauth2/auth
  ?response_type=code
  &client_id=<your_kinde_client_id>
  &redirect_uri=<your_app_redirect_url>
  &scope=openid+profile+email
  &state=abc
Note: Never include the client secret in the URL as this is publicly viewable.
Kinde supports all the standard OAuth 2 request parameters as well as a few additional Kinde-specific parameters to improve the end user experience. Full details can be found in the Request parameters table below.
Supported grant types for getting access tokens
Authorization Code Flow
Recommended for regular web applications rendered on the server.
Authorization Code Flow with Proof Key for Code Exchange (PKCE)
Kinde supports the PKCE extension, in which case the code_challenge and code_challenge_method parameters are also required. This is recommended for mobile apps and single page applications (SPAs).
Implicit flow (not supported)
Before PKCE (see above) this was the method used by applications that were unable to store secrets securely. This flow has security implications and Kinde does not support it for this reason.
Request parameters
There are a few useful additional parameters that Kinde supports in the authorization URL.
|Yes||The id of your application - get this from the Kinde admin area|
|No||Where your user will be redirected upon logout|
|For PKCE||A base64 encoded string of a SHA256 hash of a code verifier|
|For PKCE||Should always be |
|No||If an organization should be created along with the user|
|No||For multi-tenant or platform apps, tell Kinde which organization a user is trying to sign in or sign up to|
|Yes||The url that the user will be returned to after authentication|
|Yes||Should always be |
|No||The scopes to be requested from Kinde|
|No||Kinde will return this to your app so you can validate it came from us and prevent CSRF attacks|
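The authorization request with PKCE and a per-login state value, plus the state check when the user returns, as an added example (not Kinde's own code). The domain, client id, redirect URI and the `session` dict are constructed placeholders; `code_challenge` and the `S256` method name are taken from RFC 7636, which specifies base64url encoding without padding for the challenge.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


def challenge_for(verifier):
    """base64url(SHA-256(verifier)) with '=' padding stripped (RFC 7636, S256)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def build_auth_url(kinde_domain, client_id, redirect_uri, session):
    """Build the redirect URL; keep verifier and state in the server-side session."""
    # 32 random bytes -> 43-char verifier (RFC 7636 allows 43 to 128 chars).
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    state = secrets.token_urlsafe(32)  # unpredictable, one per login attempt
    session["pkce_verifier"] = verifier
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": client_id,  # the client secret never goes in this URL
        "redirect_uri": redirect_uri,
        "scope": "openid profile email",
        "state": state,
        "code_challenge": challenge_for(verifier),
        "code_challenge_method": "S256",
    }
    return f"https://{kinde_domain}/oauth2/auth?{urlencode(params)}"


def check_callback(callback_url, session):
    """Return the authorization code only if state matches the one we issued."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replay fails
    returned = query.get("state", [""])[0]
    # Constant-time comparison on bytes; an absent or wrong state is rejected.
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: discard this callback")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code
```

The stored `pkce_verifier` is what the app later sends as `code_verifier` when exchanging the code for tokens.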
Verifying the Kinde access token
It’s likely you will be using a library to validate your JWTs, and it will require the URL for your public JSON Web Key (also known as a jwks file).
The file can be found here:
Signing out your users
When users sign out, you will want to clear any session or locally stored data in your app and redirect them to your preferred logout URL, such as:
This will end their session on Kinde. A new access token or refresh token needs to be issued for them to sign in again.
To add a logout URL in Kinde, go to Settings > Applications > View Details, then add the URLs to the Allowed logout redirect URLs field. Users will be redirected back to this URL when they sign out.