Use your own custom domain

By default, Kinde issues a Kinde subdomain when you first register. But for your production environment you can use your own custom domain instead of Kinde’s as your URL. For example, account.example.com instead of mydomain.kinde.com.

There are a few reasons you may wish to do this.

• It will give your users the impression they have never left your application to authenticate, creating a seamless user experience.
• For Single Page Applications (SPAs) it means we can securely set a first party cookie meaning authentication state persists for full-page refreshes and new tabs.
• If you also register the domain in the configuration for any social providers you are using, the social providers auth screen will be customized with your app details.

When to still use the Kinde domain

Even if you use custom domains, you need to use your Kinde domain for Kinde Management API access and machine-to-machine applications.

Before you begin

Link to this section

• Name your custom domain. It needs to include a subdomain for this procedure to work. Common subdomain names include account , id , or auth, e.g. account.example.com.
• Make sure your application is configured to use the exact custom domain. This includes updating the environment variables and any relevant configuration files. For example, the KINDE_ISSUER_URL needs to be updated to the custom domain.
• Ensure that the callback and logout redirect URLs in your Kinde settings are updated with the custom domain. This can be done in the Kinde dashboard under Settings > Applications > [your app] > View details.

Set up in Kinde

Link to this section

Note that the verification process can take anywhere from 5 minutes to a few hours, depending on who your domain provider is. See tips for the DNS set up below.

1. Go to Settings > Environment > Custom domain.
2. Select Add custom domain
3. In the dialog, enter your custom domain. Be sure to include the subdomain, for example account.example.com.
4. Select Save. DNS details appear. You need to add these to your domain provider site.

Add CNAME DNS records

Link to this section

1. Go to your domain provider website.
2. Create CNAME DNS records using the DNS details generated above.

Apologies that we can’t offer instructions for all situations, as this will be different depending on your provider. But here are the setup steps for Godaddy, Cloudflare, and NameCheap.

Cloudflare users: DNS entries must be DNS-only, not proxied.

Check verification status in Kinde

Link to this section

Once you have created the DNS entries, Kinde will start the verification process. This can take anywhere from a few minutes to a couple of hours. When it completes, the verification status will change to ‘Provisioned’ and an SSL certificate will be provisioned.

Your domain will then be used instead of Kinde’s. You will also receive an email notification when the process is complete.

If you encounter any errors, such as the verification taking too long, re-check the DNS records you created on your provider site, to ensure the details are correct.

The challenge DNS record needs to remain in place after verification in order for us to renew your SSL certificate on an ongoing basis.

Update your code

Link to this section

• Update your code to use the custom domain.

Add the custom domain to social sign in

Link to this section

When you use social connections to authenticate users, you need to add the callback URL to the provider app so that the custom domain shows on the sign in form, instead of kinde.com.

If you haven’t set this up, follow these instructions for the relevant social provider. If you already have social auth set up, make sure you add the custom domain callback (e.g. account.example.com/login/callback as an authorized redirect URI in the provider app.

Domains and auth end points

Link to this section

Auth endpoints are available for both custom domains and your Kinde subdomain. You can get tokens from either end point, but they are not interchangeable. For example, if you get an ID and access token from account.example.com, it cannot be used with mydomain.kinde.com.

Local domain

Link to this section

Currently, Kinde only supports *.localhost for non-https traffic.

Tips for the DNS set up

Link to this section

When you create the DNS records for linking your own domain to Kinde, be sure to match the format you have used above.

For example, if your custom domain is account.example.com, then:

Host = account

Record type = CNAME

Value = account.example.com

TTL = Leave as default

Routing policy = Leave as default

Using multi-level subdomains

Link to this section

If you are using a multi-level subdomain, like multi.subdomain.example.com, how you set up DNS records will depend on how your zones are set up.

The details provided in the admin console assumes the domain entered is adding a single level to your DNS zone, but if you are adding more than one level you’ll need to create others.

So if your business is multi.subdomain.example.com and your zone is example.com, you need to create a DNS entry for multi.subdomain, as well as for _acme-challenge.multi.subdomain.

There are many different ways people manage multi-level domains and zones, and unfortunately we can’t cover all variations in these instructions.