Open drochag opened 1 week ago
We're seeing this too with @kinde-oss/kinde-typescript-sdk
. For new users, in our auth callback request handler we're removing the user from the default org and placing them in a newly created one.
A query to the Management API shows the new org state, but, querying the user's orgs via the session attached to the request still shows the user assigned only to the default org. Here's some more or less psuedo-code to illustrate. See the very last call to getUserOrganizations
to see the issue:
async function processRegisterCallback(request) {
const DEFAULT_ORG_CODE = 'org_111111111111';
// Get Management API access token
const managementAccessToken = await createKindeServerClient(
GrantType.CLIENT_CREDENTIALS,
{
// '...'
},
).getToken(getSessionManager('admin-session'));
const orgApiClient = new OrganizationsApi(
new Configuration({
accessToken: managementAccessToken,
// ...
}),
);
// Make session manager for current request
const sessionManager = makeSessionManager(
request.headers.get('Cookie').get('session_id'),
);
const kindeClient = createKindeServerClient(
GrantType.AUTHORIZATION_CODE,
{
// '...'
}
);
/*
see newly created user from registering
console.log:
{
user: {
family_name: '...',
given_name: '...',
picture: '...',
email: '...',
id: 'kp_00000000000000000000000000000000'
}
}
*/
const user = await kindeClient.getUser(sessionManager);
/*
User is in default org by default
console.log:
{ orgCodes: [ 'org_111111111111' ] }
*/
await kindeClient.getUserOrganizations(sessionManager);
/*
Create a new org via Management API
{
message: 'Success',
code: 'OK',
organization: { code: 'org_222222222222' }
}
*/
const createOrgResponse = await orgApiClient.createOrganization({
createOrganizationRequest: {
name: 'New Org',
},
});
/*
Add user to the new org
{
code: 'OK',
message: 'Users successfully added',
usersAdded: [ 'kp_00000000000000000000000000000000' ]
}
*/
await orgApiClient.addOrganizationUsers({
orgCode: createOrgResponse.organization.code,
addOrganizationUsersRequest: {
users: [
{
id: user.id,
},
],
},
});
/*
Remove user from our default org_111111111111
{
message: 'User successfully removed',
code: 'OK'
}
*/
await orgApiClient.removeOrganizationUser({
orgCode: DEFAULT_ORG_CODE,
userId: user.id,
});
/*
Get user data via Management API, it correctly shows
new org org_222222222222 is now assigned and user is no
longer in default org org_111111111111
{
id: 'kp_00000000000000000000000000000000',
providedId: undefined,
preferredEmail: '...',
username: undefined,
lastName: '...',
firstName: '...',
isSuspended: false,
picture: '...',
totalSignIns: 1,
failedSignIns: 0,
lastSignedIn: '...',
createdOn: '...',
organizations: [ 'org_222222222222' ],
identities: undefined
}
*/
const usersApiClient = new UsersApi(
new Configuration({
accessToken: managementAccessToken,
// ...
}),
);
await usersApiClient.getUserData({ id: user.id, expand: 'organizations' });
/*
Read user orgs via request session
This is wrong, it should be org_222222222222
{
orgCodes: [ 'org_111111111111' ]
}
*/
await kindeClient.getUserOrganizations(sessionManager);
}
Prerequisites
Describe the issue
While reassigning an organization for a logged in user we're unable to see the user as part of the newly created organization in any way.
Tried out using
refreshTokens
ongetKindeServerSession
from@kinde-oss/kinde-auth-nextjs/server
and alsorefreshUserClaims
fromUsersApi
on@kinde-oss/kinde-typescript-sdk
(although the last one not sure could help on reloading the current user information).Steps to reproduce:
organizationsApi.getOrganizationUsers
with the new organization codeReproduction repo / PR here
Library URL
https://github.com/kinde-oss/kinde-auth-nextjs and @kinde-oss/kinde-typescript-sdk
Library version
2.3.8 and 2.9.1
Operating system(s)
macOS
Operating system version(s)
Sonoma 14.6
Further environment details
No response
Reproducible test case URL
https://github.com/drochag/kinde-nextjs-app-router-starter-kit/pull/1
Additional information
No response