PHPackages habityzer/kinde-bundle - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. habityzer/kinde-bundle ActiveSymfony-bundle[Authentication & Authorization](/categories/authentication) habityzer/kinde-bundle ====================== Symfony bundle for Kinde authentication integration with JWT validation, webhooks, and user sync v2.0.0(5mo ago)015[1 PRs](https://github.com/Habityzer/kinde-bundle/pulls)MITPHPPHP >=8.2 Since Oct 13Pushed 1mo agoCompare [ Source](https://github.com/Habityzer/kinde-bundle)[ Packagist](https://packagist.org/packages/habityzer/kinde-bundle)[ RSS](/packages/habityzer-kinde-bundle/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (9)Versions (6)Used By (0) Habityzer Kinde Bundle ====================== [](#habityzer-kinde-bundle) Symfony bundle for Kinde authentication integration with JWT validation, webhooks, and user synchronization. Features -------- [](#features) - ✅ **JWT Token Validation** - Validates Kinde tokens using JWKS with automatic caching - ✅ **Symfony Security Integration** - Custom authenticator for seamless integration - ✅ **User Synchronization** - Sync users from Kinde to your database - ✅ **Webhook Support** - Handle Kinde webhook events (user updates, subscriptions) - ✅ **Event-Driven** - Dispatch Symfony events for business logic - ✅ **Fully Decoupled** - Uses interfaces for app-specific logic - ✅ **Debug Command** - CLI tool to inspect and debug JWT tokens Requirements ------------ [](#requirements) - PHP 8.2 or higher - Symfony 6.4 or 7.x - Kinde account with configured application Installation ------------ [](#installation) ``` composer require habityzer/kinde-bundle ``` The bundle installs successfully without configuration, but you **must** configure it before using: ### 1. Set Environment Variables [](#1-set-environment-variables) Add to your `.env` file: ``` KINDE_DOMAIN=https://your-business.kinde.com KINDE_CLIENT_ID=your-client-id-from-kinde KINDE_CLIENT_SECRET=your-client-secret KINDE_WEBHOOK_SECRET=your-webhook-secret ``` Get these values from your [Kinde Dashboard](https://app.kinde.com/settings/applications). See [Kinde Setup Guide](docs/KINDE_SETUP.md) for detailed instructions. ### 2. Create Configuration File [](#2-create-configuration-file) Create `config/packages/habityzer_kinde.yaml`: ``` habityzer_kinde: domain: '%env(KINDE_DOMAIN)%' client_id: '%env(KINDE_CLIENT_ID)%' client_secret: '%env(KINDE_CLIENT_SECRET)%' webhook_secret: '%env(KINDE_WEBHOOK_SECRET)%' ``` ### 3. Clear Cache [](#3-clear-cache) ``` php bin/console cache:clear ``` > **Note:** The bundle will throw helpful runtime errors if you try to use authentication without proper configuration. Configuration Reference ----------------------- [](#configuration-reference) ``` # config/packages/habityzer_kinde.yaml habityzer_kinde: # Required: Your Kinde domain (e.g., https://your-business.kinde.com) domain: '%env(KINDE_DOMAIN)%' # Required: Kinde application client ID client_id: '%env(KINDE_CLIENT_ID)%' # Optional: Kinde application client secret (for server-side flows) client_secret: '%env(KINDE_CLIENT_SECRET)%' # Required for webhooks: Secret for webhook signature verification webhook_secret: '%env(KINDE_WEBHOOK_SECRET)%' # Optional: JWKS cache duration in seconds (default: 3600 = 1 hour) jwks_cache_ttl: 3600 # Optional: Auto-register webhook route at /api/webhooks/kinde (default: true) enable_webhook_route: true ``` Quick Start ----------- [](#quick-start) ### 1. Implement the User Provider Interface [](#1-implement-the-user-provider-interface) Create a class that implements `KindeUserProviderInterface` to handle user management: ``` namespace App\Kinde; use Habityzer\KindeBundle\Contract\KindeUserProviderInterface; use App\Entity\User; use App\Repository\UserRepository; use Doctrine\ORM\EntityManagerInterface; class UserProvider implements KindeUserProviderInterface { public function __construct( private readonly UserRepository $userRepository, private readonly EntityManagerInterface $em ) {} public function findByKindeId(string $kindeId): ?object { return $this->userRepository->findOneBy(['kindeId' => $kindeId]); } public function syncUser(array $kindeUserData): object { $user = new User(); $user->setKindeId($kindeUserData['kinde_id']); $user->setEmail($kindeUserData['email']); $user->setName($kindeUserData['name'] ?? ''); $this->em->persist($user); $this->em->flush(); return $user; } public function updateUser(object $user, array $kindeUserData): void { $user->setEmail($kindeUserData['email']); $user->setName($kindeUserData['name'] ?? ''); $this->em->flush(); } public function handleUserDeletion(object $user): void { $user->setKindeId(null); // Soft delete approach $this->em->flush(); } } ``` Register it as a service: ``` # config/services.yaml services: App\Kinde\UserProvider: tags: - { name: 'habityzer_kinde.user_provider' } ``` ### 2. Configure Security [](#2-configure-security) ``` # config/packages/security.yaml security: firewalls: # Allow public access to Kinde webhook kinde_webhook: pattern: ^/api/webhooks/kinde$ stateless: true security: false # API firewall with Kinde authentication api: pattern: ^/api/ stateless: true custom_authenticators: - Habityzer\KindeBundle\Security\KindeTokenAuthenticator ``` ### 3. Token Format [](#3-token-format) When making API requests, prefix your Kinde JWT tokens with `kinde_`: ``` Authorization: Bearer kinde_eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImtpZF8xMjM0In0... ``` This prefix allows the authenticator to identify Kinde tokens and coexist with other authentication methods. The authenticator automatically removes the `kinde_` prefix before validating the JWT. **Client-side example (JavaScript):** ``` // Prepend kinde_ to your JWT token const kindeToken = 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImtpZF8xMjM0In0...'; const authHeader = `Bearer kinde_${kindeToken}`; fetch('/api/protected-endpoint', { headers: { 'Authorization': authHeader } }); ``` ### 4. Subscribe to Webhook Events [](#4-subscribe-to-webhook-events) ``` namespace App\EventSubscriber; use Habityzer\KindeBundle\Event\KindeEvents; use Habityzer\KindeBundle\Event\KindeSubscriptionUpdatedEvent; use Habityzer\KindeBundle\Event\KindeUserDeletedEvent; use Symfony\Component\EventDispatcher\EventSubscriberInterface; class KindeWebhookSubscriber implements EventSubscriberInterface { public static function getSubscribedEvents(): array { return [ KindeEvents::SUBSCRIPTION_UPDATED => 'onSubscriptionUpdated', KindeEvents::USER_DELETED => 'onUserDeleted', ]; } public function onSubscriptionUpdated(KindeSubscriptionUpdatedEvent $event): void { $userId = $event->getUserId(); $planName = $event->getPlanName(); // Your business logic here } public function onUserDeleted(KindeUserDeletedEvent $event): void { $kindeId = $event->getKindeId(); // Your cleanup logic here } } ``` Events ------ [](#events) The bundle dispatches the following Symfony events: Event ConstantEvent NameDescription`KindeEvents::USER_UPDATED``kinde.user.updated`User information updated in Kinde`KindeEvents::USER_DELETED``kinde.user.deleted`User deleted from Kinde`KindeEvents::USER_AUTHENTICATED``kinde.user.authenticated`User authenticated via webhook`KindeEvents::SUBSCRIPTION_CREATED``kinde.subscription.created`New subscription created`KindeEvents::SUBSCRIPTION_UPDATED``kinde.subscription.updated`Subscription plan changed`KindeEvents::SUBSCRIPTION_CANCELLED``kinde.subscription.cancelled`Subscription cancelled`KindeEvents::SUBSCRIPTION_REACTIVATED``kinde.subscription.reactivated`Subscription reactivated📖 See [Events Reference](docs/EVENTS.md) for complete event documentation with all available methods. Debug Command ------------- [](#debug-command) Debug JWT tokens to inspect claims and troubleshoot issues: ``` # Accepts tokens with or without kinde_ prefix php bin/console kinde:debug-token YOUR_JWT_TOKEN php bin/console kinde:debug-token kinde_YOUR_JWT_TOKEN php bin/console kinde:debug-token "Bearer kinde_YOUR_JWT_TOKEN" ``` The command automatically strips `Bearer ` and `kinde_` prefixes if present. Output includes: - Token header (algorithm, type) - All payload claims - Email presence check with fix suggestions - Token expiration status Documentation ------------- [](#documentation) DocumentDescription[Installation Guide](INSTALL.md)Detailed step-by-step installation[Events Reference](docs/EVENTS.md)Complete event classes documentation[Services API](docs/SERVICES.md)Services and their public methods[Kinde Setup](docs/KINDE_SETUP.md)Configure Kinde dashboard for this bundle[Advanced Usage](docs/ADVANCED.md)Advanced scenarios and customizationArchitecture ------------ [](#architecture) ``` ┌─────────────────┐ ┌──────────────────────┐ ┌─────────────────┐ │ HTTP Request │────▶│ KindeTokenAuthenticator │────▶│ Your User │ │ (Bearer Token) │ └──────────────────────┘ │ Entity │ └─────────────────┘ │ └─────────────────┘ │ ┌────────────┴────────────┐ ▼ ▼ ┌─────────────────┐ ┌─────────────────┐ │ KindeTokenValidator │ │ KindeUserSync │ │ (JWKS validation) │ │ (User provider) │ └─────────────────┘ └─────────────────┘ │ │ ▼ ▼ ┌─────────────────┐ ┌─────────────────────┐ │ KindeUserInfoService │ │ KindeUserProviderInterface │ │ (Fallback for email) │ │ (Your implementation) │ └─────────────────┘ └─────────────────────┘ ``` License ------- [](#license) MIT Support ------- [](#support) For issues and questions: ### Health Score 38 — LowBetter than 85% of packages Maintenance83 Actively maintained with recent releases Popularity6 Limited adoption so far Community2 Small or concentrated contributor base Maturity51 Maturing project, gaining track record How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~17 days Total 4 Last Release 157d ago Major Versions v1.0.2 → v2.0.02025-12-03 ### Community Maintainers ![](https://www.gravatar.com/avatar/ee7d800ab76ec6ed39e834393f45e9c914a0c8d2f156da3f7bf7bf2dc997be8a?d=identicon)[vazgen](/maintainers/vazgen) --- Tags jwtsymfonyAuthenticationoauthwebhookkinde ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/habityzer-kinde-bundle/health.svg) ``` [![Health](https://phpackages.com/badges/habityzer-kinde-bundle/health.svg)](https://phpackages.com/packages/habityzer-kinde-bundle) ``` ### Alternatives [auth0/symfony Symfony SDK for Auth0 Authentication and Management APIs. 128738.1k](/packages/auth0-symfony)[hwi/oauth-bundle Support for authenticating users using both OAuth1.0a and OAuth2 in Symfony. 2.4k21.5M68](/packages/hwi-oauth-bundle)[sulu/sulu Core framework that implements the functionality of the Sulu content management system 1.3k1.3M152](/packages/sulu-sulu)[simplesamlphp/simplesamlphp A PHP implementation of a SAML 2.0 service provider and identity provider. 1.1k12.4M192](/packages/simplesamlphp-simplesamlphp)[scheb/2fa Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install) 578630.7k1](/packages/scheb-2fa)[scheb/2fa-bundle A generic interface to implement two-factor authentication in Symfony applications 6914.0M61](/packages/scheb-2fa-bundle) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)