Overview
Kinde is an authentication and user management platform for modern SaaS applications. It supports social logins, email/SMS, passwordless, and MFA out of the box. This guide shows how to integrate Kinde with InsForge by signing a separate JWT server-side, since Kinde does not support custom JWT signing keys.
- Live Demo — A sample app using Kinde authentication with InsForge
- Source Code — GitHub repository for the sample app
Prerequisites
- An InsForge project (self-hosted or cloud)
- A Kinde account and application
Step 1: Create a Kinde Application
- Log in to your Kinde Dashboard
- Select Add application
- Name your application and choose Back-end web as the type
- Select Next.js from the SDK list
- Configure callback URLs:
- Allowed callback URL:
http://localhost:3000/api/auth/kinde_callback - Allowed logout redirect URL:
http://localhost:3000
- Allowed callback URL:
- Enable desired authentication methods (Email, Google, etc.) under Authentication
- Under App Keys, note down the Domain, Client ID, and Client Secret
Step 2: Set Up Your InsForge Project
Create a new project or link an existing one:
# Create a new project
npx @insforge/cli create
# Or link an existing project
npx @insforge/cli link --project-id <your-project-id>
Then get your project credentials:
# Get the JWT Secret
npx @insforge/cli secrets get JWT_SECRET
Note down the URL and Anon Key from the InsForge dashboard. You'll use the JWT Secret from the CLI output in a later step to sign tokens for InsForge.
Step 3: Set Up Your Application
Install the required dependencies:
npm install @kinde-oss/kinde-auth-nextjs @insforge/sdk jsonwebtoken
npm install --save-dev @types/jsonwebtoken
Add environment variables to .env.local:
# Kinde
KINDE_CLIENT_ID='YOUR_KINDE_CLIENT_ID'
KINDE_CLIENT_SECRET='YOUR_KINDE_CLIENT_SECRET'
KINDE_ISSUER_URL='https://YOUR_DOMAIN.kinde.com'
KINDE_SITE_URL='http://localhost:3000'
KINDE_POST_LOGOUT_REDIRECT_URL='http://localhost:3000'
KINDE_POST_LOGIN_REDIRECT_URL='http://localhost:3000'
# InsForge
NEXT_PUBLIC_INSFORGE_URL='YOUR_INSFORGE_URL'
NEXT_PUBLIC_INSFORGE_ANON_KEY='YOUR_INSFORGE_ANON_KEY'
INSFORGE_JWT_SECRET='YOUR_INSFORGE_JWT_SECRET'
Create the Kinde auth API route at app/api/auth/[kindeAuth]/route.js:
import { handleAuth } from "@kinde-oss/kinde-auth-nextjs/server";
export const GET = handleAuth();
Step 4: Set Up InsForge Integration
Ask your agent to complete the following steps:
1. Create the InsForge client utility
Create the InsForge client utility that signs a JWT using the Kinde user session.
This creates a server-side utility (lib/insforge.ts) that gets the Kinde user via getKindeServerSession(), signs a JWT with the InsForge secret, and passes it as edgeFunctionToken.
2. Create the database schema
Create a todos table with RLS. Columns: id, user_id, title, is_complete, created_at. Users should only be able to access their own todos.
This creates the requesting_user_id() helper function (since Kinde user IDs are strings, not UUIDs) and a todos table with Row Level Security policies.
3. Build the todo list page
Build a todo list page with full CRUD — create, read, update, and delete todos.
This creates a page that uses the InsForge client to manage todos. RLS ensures users only see their own data.
Step 5: Run Your Application
# Install dependencies if you haven't already
npm install
npm run dev
Open http://localhost:3000 and sign up with a new user through Kinde.
Note: Since authentication is handled entirely by Kinde, you will not see any users in the InsForge dashboard under Auth > Users. User records are managed in the Kinde Dashboard — check Users there to confirm the sign-up was successful.
