How to manually trigger next-auth to refresh the JWT? #4228

Closed
MaxRandle opened this issue Mar 21, 2022 · 1 comment
Labels
question Ask how to do something or how something works

@MaxRandle

Question 💬

Hi Devs,

I have a situation where the user can update their personal details and some of those details are also used to make up the payload of the JWT that is generated by the server. Therefore, an action performed by the client can actually cause the token to contain stale data. I have been provided with an endpoint that will regenerate a new token on the server side and return it to the client. So I would be able to hit this endpoint and get a new token after the user updates their details in this way. My question is: how can I get next-auth to accept a new token and start using it for the current and subsequent sessions? I've already read through this related issue but I've not seen a solution that will deliver the right behaviour in my case.

Some additional info:
I am aware of the jwt() callback that you can supply to next-auth; here's my understanding of how it works:

  • A token returned by the jwt() callback will be saved by next-auth for use in the current and subsequent sessions. (I assume that this would probably provide the behaviour I'm looking for if I could get jwt() to return the new token)
  • The jwt() callback fires each time a call to the getSession() hook is made, so it could be triggered manually by making use of that hook.

Even though next-auth has provided a way to get the jwt() callback to fire on command, it seems like I don't have a way to get control over the arguments passed to the jwt() callback. Therefore I don't see how I would be able to write any logic inside this callback to return a new token even if the token has not expired and is still valid etc.

If anyone could point me in the right direction that would be a massive help, I'm not sure where to look at this point. I'm also not sure if the operation that I'm attempting to describe has a name (session mutation?) so even pointing me at some similar questions or threads that solve my issue under a different name would be great. Please ask me to clarify if I haven't provided enough of an explanation.

Cheers.

How to reproduce ☕️

See below from the docs (I've inserted some comments to highlight my problem):

  callbacks: {
    async signIn({ user, account, profile, email, credentials }) {
      return true
    },
    async redirect({ url, baseUrl }) {
      return baseUrl
    },
    async session({ session, user, token }) {
      return session
    },
    async jwt({ token, user, account, profile, isNewUser }) {

      // if token is expired
      if (token.expiresAt < new Date()) {
         // regenerate and return new token
      }

      // no control over the arguments passed here
      // can't write logic here to regenerate token on command even if it's not expired.

      return token
    }
  }

Contributing 🙌🏽

No, I am afraid I cannot help regarding this
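
An added example, not part of the original issue or of the next-auth code base: one way an on-demand refresh could look, assuming a next-auth release whose jwt() callback also receives a `trigger` argument that is "update" when the client calls `update()` from `useSession()`. `userStore`, `loadClaims`, `nextToken` and `demo` are hypothetical names, and the in-memory store is a constructed stand-in for the token-regeneration endpoint mentioned in the question.

```javascript
// Constructed stand-in for the server-side source of user details (in the
// question, the endpoint that regenerates the token payload).
const userStore = new Map([["u1", { name: "Max", role: "member" }]]);

// Hypothetical helper: load current claims for the subject already in the token.
function loadClaims(sub) {
  const record = userStore.get(sub);
  if (!record) throw new Error(`unknown subject: ${sub}`);
  return { name: record.name, role: record.role };
}

// Decide the next token payload. Assumption: `trigger` is "update" only when
// the client explicitly asked for a refresh; any other value is a normal read.
function nextToken(token, trigger) {
  if (trigger !== "update") return token; // unchanged, same object
  // New claims come from the server-side store, keyed by the subject that is
  // already inside the signed token, never from values the client sent.
  return { ...token, ...loadClaims(token.sub) };
}

// Shape of the callback as it would sit under `callbacks` in the config.
// The `session` argument (client-supplied data passed to update()) is
// deliberately not read: it is untrusted input and serves only as a signal.
const callbacks = {
  async jwt({ token, trigger }) {
    return nextToken(token, trigger);
  },
};

// Constructed walk-through: the user renames themselves on the server, then
// the client requests a refresh and also tries to smuggle in a role change.
async function demo() {
  const stale = { sub: "u1", name: "Max", role: "member" };
  userStore.set("u1", { name: "Maxwell", role: "member" });
  const fresh = await callbacks.jwt({
    token: stale,
    trigger: "update",
    session: { role: "admin" }, // ignored by design
  });
  return { stale, fresh };
}

demo().then(({ stale, fresh }) => console.log(stale, "->", fresh));
```

The point of routing the refresh through the subject in the existing token is that a client can ask for a refresh but cannot choose what the refreshed claims contain.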

@MaxRandle MaxRandle added the question Ask how to do something or how something works label Mar 21, 2022
@MaxRandle
Author

moved to #4229
