This repository contains example JavaScript/TypeScript workflows for Kinde, showing how to run custom code at key points in the authentication flow using Kinde Workflows.
Kinde Workflows let you run custom JavaScript/TypeScript logic during the authentication process, giving you full control over:
- User onboarding
- Role and permission assignment
- Profile enrichment
- Custom validation or access control
- Third-party service integration
All code is executed server-side on Kinde, meaning you don’t need to host or deploy anything yourself.
This repo includes examples for:
| Folder | Triggered when |
|---|---|
/existingPassword |
a user enters their password |
/m2mToken |
an M2M token is requested |
/newPassword |
a user sets a new password (including reset) |
/postUserAuthentication |
a user completes single factor authentication (e.g Google auth) |
/preMFA |
before checking if MFA is required |
/userTokens |
ID and access tokens are generated |
/planSelection |
A user tries to change plan |
/planCancellationRequest |
A user requests to cancel their subscription |
- Block disposable emails - Allows you to block users from signing up with disposable email domains.
- Drip feed migration - Shows how to check a password against an external database before creating the user in Kinde.
- Sync passwords to another system - Use encryption keys to securely keep passwords in sync between systems.
- Custom password validation - Shows how to validate a password against your own rules.
- Sync new user data to Hubspot - Send user data and UTM tags to Hubspot when a new user record is created in Kinde.
- TrustPath impossible travel - Evaluate user login risk using TrustPath's API by checking for "impossible travel" patterns based on IP and recent login activity. If high risk is detected, access is blocked proactively.
- Set a grace period for MFA - Don't ask for MFA for a set period of time after a user has logged in.
- Add custom claims to access token - Call an external API to get data to add as custom claims to the user access token.
- Map M2M applications to organizations - Shows how to map M2M applications to organizations. Useful if using Kinde for B2B API key management
- Deny plan change - Prevent a user from changing plans. Useful if they aren't eligible to if in breach of limits
- Deny plan cancellation - Prevent a user from cancelling their plan. Useful if you need to do manual deprovisioning
- Check IP with AbuseIPDB - Checks IP of user logging in with AbuseIPDB and blocks login if abuse confidence rating is too high.
Each example includes:
- A full
.tsworkflow file - Setup or config notes
- A brief explanation of what it does
-
Open an example file and explore the code.
-
Use it as a starting point for your own workflows.
If you're looking for somewhere to start then try out the base workflow template
💡 Kinde runs workflows in a secure, isolated environment. All workflows should be deterministic and performant.
📦 Requirements
- A Kinde account
- Basic knowledge of JavaScript or TypeScript
🤝 Contributing
Have a great idea or an awesome use case? Open a PR! Contributions are welcome.