Issues with refresh token #1
Comments
I have the same issue:
Try to add following to
function ` async function refreshToken(token: JWT): Promise { if (currentTime - lastRefreshTime < refreshRateLimit) { lastRefreshTime = currentTime; const res = await fetch(process.env.NEXT_PUBLIC_API_URL + "/auth/refresh", { const response = await res.json(); return {
Any updates on this issue?
Great job on the template.
On refresh I noticed three issues:
May be related to this: Tokens rotation does not persist the new token
Potential fix: Handling session updates & Updating the session
Example in the jwt callback:
If concerns about time difference, can also reduce jwt payload exp time given vs Date.now() by a few seconds
Can use the same logic to check refresh token expiration and that leads me to the third issue.
Several ways to handle:
Redirect to login and update the session with the new jwt access and refresh tokens upon success.
Redirect to login and upon success redirect to previous page user was accessing.
Redirect to logout - bad UX if user was in the middle of changing data requiring an unexpired access and refresh token.
Middleware could be a solution for some of the issues as well - example middleware
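The expiry check suggested in the comment above (compare the JWT `exp` claim against `Date.now()` with a few seconds of margin, then apply the same logic to the refresh token) can be sketched as follows. This is an added example, not code from the thread or from the template; the names `readExp`, `isExpired`, `decideTokenAction`, `makeToken` and the 10-second skew are assumptions.

```typescript
// Added example: all names and the skew value are hypothetical, not from the template.
type TokenAction = "use" | "refresh" | "reauthenticate";

const SKEW_SECONDS = 10; // assumed margin for clock drift and request latency

// Read the exp claim (seconds since epoch) from a JWT payload WITHOUT verifying
// the signature. This is only for deciding when to refresh; the API must still
// verify the token on every request.
function readExp(jwt: string): number | null {
  const parts = jwt.split(".");
  if (parts.length !== 3) return null;
  try {
    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
    return typeof payload.exp === "number" ? payload.exp : null;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Fail closed: a token with a missing or unreadable exp counts as expired.
function isExpired(jwt: string, nowMs: number, skewSec: number = SKEW_SECONDS): boolean {
  const exp = readExp(jwt);
  return exp === null || nowMs >= (exp - skewSec) * 1000;
}

// Decide what the jwt callback (or middleware) should do with the stored pair.
function decideTokenAction(access: string, refresh: string, nowMs: number): TokenAction {
  if (!isExpired(access, nowMs)) return "use";       // access token still valid
  if (!isExpired(refresh, nowMs)) return "refresh";  // call the refresh endpoint
  return "reauthenticate";                           // both expired: send to login
}

// Constructed, unsigned sample token for demonstration only.
function makeToken(exp: number): string {
  const enc = (o: object) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "none" })}.${enc({ sub: "demo", exp })}.sig`;
}

const nowMs = Date.now();
const nowSec = Math.floor(nowMs / 1000);
console.log(decideTokenAction(makeToken(nowSec + 5), makeToken(nowSec + 3600), nowMs));
```

The `"reauthenticate"` result corresponds to the redirect options listed in the comment; which of them to use is a UX decision outside this sketch.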