Why is Kinde built the way it is?
Blog post from Kinde
Kinde emphasizes open standards and secure authentication: its UI uses a server-rendered architecture and prioritizes security from the outset through a strict Content Security Policy (CSP). Keeping workflows server-driven minimizes attack vectors and aligns with the OAuth 2.0 framework's principle of separating public and confidential clients. By building backend-first, Kinde takes on the responsibility of mitigating security risks, so developers can focus on customization without compromising security. The platform supports various customization paths, including custom and self-hosted UIs, while keeping robust protection mechanisms in place. Kinde treats security as foundational, offering a secure baseline that evolves with ongoing development while allowing users to tailor their authentication experiences.