We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
We are having problems with auth0 tokens in next.js app hosted on Vercel.
We get ~10 errors “Unknown or invalid refresh token.” every minute (DAU is 500).
{ "date": "2024-04-29T10:07:52.251Z", "type": "fertft", "description": "Unknown or invalid refresh token.", "connection_id": "", "client_id": "XXX", "client_name": "XX", "ip": "XXXX", "user_agent": "Other 0.0.0 / Other 0.0.0", "hostname": "X-ai.eu.auth0.com", "user_id": "", "user_name": "", "auth0_client": { "name": "nextjs-auth0", "version": "3.5.0", "env": { "node": "v18.20.0" } }, "$event_schema": { "version": "1.0.0" }, "log_id": "XXX", "_id": "XXX", "isMobile": false, "id": "XXX" }
Login and Logout however are working.
We assume we haven’t configured the auth0/SDK properly and It doesn’t refresh expired IDs or Access tokens.
Use the following settings:
Auth0 app: Regular Web Application
ID Token Expiration: 2592000
Refresh Token Rotation: OFF
Refresh Token Expiration: ON
Absolute Expiration: ON
Inactivity Expiration: ON
Authentication Methods: Client Secret (POST)
Advanced settings - 0Auth
Algorithm: RS256
OIDC Conformant: ON
Advanced settings - grant types
Implicit, Authorisation code, Refresh Token
List of scopes in handleLogin
handleLogin
List of scopes in getAccessToken
getAccessToken
Then set up the sample app and try to use id token expiration to 1h and see what happens.
We are using withPageAuthRequired and withApiAuthReqired to protect the pages and routes just like the sample app suggests
withPageAuthRequired
withApiAuthReqired
3.5.0
18
14.1.0
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Checklist
Description
We are having problems with auth0 tokens in next.js app hosted on Vercel.
We get ~10 errors “Unknown or invalid refresh token.” every minute (DAU is 500).
Login and Logout however are working.
Our Assumption
We assume we haven’t configured the auth0/SDK properly and
It doesn’t refresh expired IDs or Access tokens.
Reproduction
Use the following settings:
Auth0 app: Regular Web Application
ID Token Expiration: 2592000
Refresh Token Rotation: OFF
Refresh Token Expiration: ON
Absolute Expiration: ON
Inactivity Expiration: ON
Authentication Methods: Client Secret (POST)
Advanced settings - 0Auth
Algorithm: RS256
OIDC Conformant: ON
Advanced settings - grant types
Implicit, Authorisation code, Refresh Token
List of scopes in
handleLoginList of scopes in
getAccessTokenThen set up the sample app and try to use id token expiration to 1h and see what happens.
Additional context
How we are using next.js:
We are using
withPageAuthRequiredandwithApiAuthReqiredto protect the pages and routes just like the sample app suggestsnextjs-auth0 version
3.5.0
Next.js version
18
Node.js version
14.1.0
The text was updated successfully, but these errors were encountered: