.NET SDK
The Kinde .NET SDK allows developers to quickly and securely integrate a new or an existing .NET application to the Kinde platform. The Kinde SDK is available from the Nuget package repository at https://www.nuget.org/packages/Kinde.SDK
You can also view the .NET docs and .NET starter kit in GitHub.
Before you begin
Link to this section- Kinde .NET SDK supports .NET 6.0+
- If you haven’t already got a Kinde account, register for free here (no credit card required). Registering gives you a Kinde domain, which you need to get started, e.g.
yourapp.kinde.com
.
Add packages to your application
Link to this sectionUse Dotnet CLI
or NuGet CLI
to add packages in your project.
Dotnet CLI:
NuGet:
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module’s version of Install-Package.
Set callback URLs
Link to this section- In Kinde, go to Settings > Applications > [Your app] > View details.
- Add your callback URLs in the relevant fields. For example:
- Allowed callback URLs (also known as redirect URIs) - for example:
https://localhost:6789/home/callback
- Allowed logout redirect URLs - for example:
https://localhost:6789
- Allowed callback URLs (also known as redirect URIs) - for example:
- Select Save.
Add environments
Link to this sectionKinde comes with a production environment, but you can set up other environments if you want to. Note that each environment needs to be set up independently, so you need to use the Environment subdomain in the code block above for those new environments.
Configure your app
Link to this sectionEnvironment variables
Link to this sectionPut these variables in your .env file:
KINDE_SITE_URL
- where your app is runningKINDE_ISSUER_URL
- your Kinde domainKINDE_POST_CALLBACK_URL
- After the user authenticates we will callback to this address. Make sure this URL is under your Allowed callback URLs (also known as redirect URIs).KINDE_POST_LOGOUT_REDIRECT_URL
- where you want users to be redirected to after logging out. Make sure this URL is under your allowed logout redirect URLs.KINDE_CLIENT_ID
- you can find this on the Application details pageKINDE_CLIENT_SECRET
- you can find this on the Application details page
SDK also supports configuration from the appsetings.json
file. If you want, you can write your own implementation of IAuthorizationConfigurationProvider
and IIdentityProviderConfigurationProvider
.
Replace everything in < angle brackets > with your own values. Here’s an example:
In your startup file (usually called Startup.cs
or Program.cs
), register configuration providers using .NET DI:
Note: The above configuration providers are referenced in the Kinde.Api.Models.Configuration
and the Microsoft.AspNetCore.Session
assembly. Those assemblies must be added to your project.
PKC256 Configuration example:
This is the most complicated configuration. The configuration for the Authentication code is the same. For Client credentials, State
is not applicable, but you don’t need to remove it.
All available types are:
Kinde.Api.Models.Configuration.PKCES256Configuration
Kinde.Api.Models.Configuration.AuthorizationCodeConfiguration
Kinde.Api.Models.Configuration.ClientCredentialsConfiguration
Besides configuration, all code approaches are quite similar. The only difference is if the authorization flow requires user redirection. In which case, for Client Credentials configuration Authorize()
call is enough for authorization. For others (PKCE and Authorization code) you should handle redirection to Kinde (as IdP) and handle callback to end authorization.
Integrate with your app
Link to this sectionYou’ll need to declare your configurations provider in your controller.
Log in and registration
Link to this sectionThe Kinde client provides methods for easy sign in and register flows.
For example, if add buttons in your HTML as follows:
Then define new actions in YourController
:
When defining the above methods in your controller class, ensure that Kinde assembly is included by adding using Kinde;
Manage redirects
Link to this sectionWhen the user is redirected back to your site from Kinde, this code executes:
Log out
Link to this sectionLogging out is a two step process: local cache cleanup and token revocation on the Kinde side.
When the client.Logout()
method is called, it redirects the user to a redirect URL for token revocation.
Example:
Get user information
Link to this sectionYou need to have already authenticated before you call the API, otherwise errors can happen. To access the user information, use the GetUserDetails
method:
View users in Kinde
Link to this sectionGo to the Users page in Kinde to see who has registered.
User permissions
Link to this sectionAfter a user signs in and they are verified, the token return includes permissions for that user. User permissions are set in Kinde, but you must also configure your application to unlock these functions.
Example permissions:
We provide helper functions to more easily access permissions:
A practical example in code might look something like:
Audience
Link to this sectionAn audience is the intended recipient of an access token - for example the API for your application. The audience argument can be passed to the Kinde client to request an audience be added to the provided token.
The audience of a token is the intended recipient of the token.
For details on how to connect, see Register an API
Overriding scope
Link to this sectionBy default the KindeSDK
requests the following scopes:
profile
email
offline
openid
You can override this by passing scope into the KindeSDK.
Getting claims
Link to this sectionWe have provided a helper to grab any claim from your id or access tokens:
Organizations
Link to this sectionCreate an organization
Link to this sectionTo have a new organization created within your application, you will need to run declare IsCreateOrganization
in your configuration:
Sign and sign in to organizations
Link to this sectionKinde has a unique code for every organization. You’ll have to pass the OrganizationId
when you want to register a new user or sign into a particular organization.
Following authentication, Kinde provides a json web token (jwt) to your application. Along with the standard information we also include the org_code
and the permissions
for that organization (this is important as a user can belong to multiple organizations and have different permissions for each).
Example of a returned token:
The id_token
will also contain an array of organizations that a user belongs to - this is useful if you wanted to build out an organization switcher for example.
There are two helper functions you can use to extract information:
For more information about how organizations work in Kinde, see Kinde organizations for developers.
SDK API reference
Link to this sectionDomain
Link to this sectionEither your Kinde instance url or your custom domain. e.g https://yourapp.kinde.com
Type: string
Required: Yes
ReplyUrl
Link to this sectionThe URL that the user will be returned to after authentication.
Type: string
Required: Yes
LogoutUrl
Link to this sectionThe URL that the user will be returned to after they sign out.
Type: string
Required: Yes
Audience
Link to this sectionThe audience claim for the JWT.
Type: string
Required: No
ClientId
Link to this sectionThe unique ID of your application as it appears in Kinde.
Type: string
Required: Yes
ClientSecret
Link to this sectionThe unique secret identifier for your application as it appears in Kinde.
Type: string
Required: Yes
Scope
Link to this sectionThe scopes to be requested from Kinde.
Type: string
Required: Yes
GrantType
Link to this sectionThe grant type to define is the flow that will be used.
Type: string
Required: Yes
IsCreateOrganization
Link to this sectionUse this field when you want to create a new organization within your application
Type: boolean
Required: No
OrganizationId
Link to this sectionUse this field when you want to register a new user or sign into a particular organization.
Type: string
Required: No
KindeSDK methods
Link to this sectionAuthorize
Link to this sectionConstructs a redirect URL and sends the user to Kinde to sign in.
Arguments:
Usage:
Register
Link to this sectionConstructs a redirect URL and sends the user to Kinde to sign up.
Arguments:
Usage:
Logout
Link to this sectionLogs the user out of Kinde.
Usage:
Renew
Link to this sectionTrying to get a new token using refresh_token
.
Usage:
GetClaim
Link to this sectionGets a claim from an access or ID token.
Arguments:
Usage:
Sample output:
GetPermission
Link to this sectionReturns the state of a given permission.
Arguments:
Usage:
Sample output:
GetPermissions
Link to this sectionReturns all permissions for the current user for the organization they are signed into.
Usage:
Sample output:
GetOrganization
Link to this sectionGet details for the organization your user is signed into.
Usage:
Sample output:
GetOrganizations
Link to this sectionGets an array of all organizations the user has access to.
Usage:
Sample output:
IsAuthenticated
Link to this sectionTo check if a user is authenticated or not.
Usage:
Sample output:
Token
Link to this sectionReturns the raw Access token from URL after logged from Kinde.
Usage:
Sample output:
Returns the profile for the current user.
Usage:
Sample output:
If you need help getting Kinde connected, contact us at support@kinde.com.