getAccessToken expiration recovery

Question

getAccessToken expiration recovery

uutahan opened this issue 6 months ago · 2 comments

Checklist

The issue can be reproduced in the nextjs-auth0 sample app (or N/A).
I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
I have looked into the API documentation and have not found a suitable solution or answer.
I have searched the issues and have not found a suitable solution or answer.
I have searched the Auth0 Community forums and have not found a suitable solution or answer.
I agree to the terms within the Auth0 Code of Conduct.

Description

Let's say client navigates to new page. And in the server component for that page we try to get access token, if getAccessToken was expired in the mean time trying to get one will throw an error. Even if you wrap your middleware with authRequired getAccessToken throws because you still have a session(so you pass through authRequired) but your access token expired so it throws an error.

I couldn't find any examples what to do in this scenario going through docs. I've tried redirecting user to /api/auth/login, but that also doesn't work properly because nextjs tries to fetch it as rsc payload first and then falls back to browser navigation and finally recovers. Is there a recommended way for doing this?

Reproduction

Navigate to new page
In server component call getAccessToken
getAccessToken will throw error if its expired
Trying to redirect to /api/auth/login make the call be fetched as rsc payload initially. After that it eventually falls back to browser navigation and works.

Additional context

No response

nextjs-auth0 version

3.5.0

Next.js version

14.0.3

Node.js version

20.9.0

Answer 1 · 2024-04-05T09:07:09.000Z

This seems like something I'm having issues with. I'm getting:
[AccessTokenError]: The request to refresh the access token failed. CAUSE: invalid_grant (Unknown or invalid refresh token.)
The session is fine but it would seem the getAccessToken is using old(first) refresh token.

Even though I'm using it in the /api/endpoint/route.ts as per docs:
https://auth0.github.io/nextjs-auth0/functions/edge.getAccessToken-1.html

With withApiAuthRequired which passes but then getAccessToken gets invalid token after a while. I think it's the same case as in here: nextauthjs/next-auth#6642 (comment) even though, it's different library.

Answer 2 · 2024-04-28T18:14:45.000Z

anybody found a solution for this? why does not middleware automatically logs out user when token is expired?