"expires" attribute in session changes

[MehediH]

Hi!

I am using next-auth w/ the Spotify provider, however, for some reason, the expires attribute in the session seems to refresh every second/whenever I refresh the page. This should only change every hour (Spotify requires the accessToken to be renewed every hour).

Is there something I am doing wrong? Here is my next-auth config:

const options = {
  providers: [
    Providers.Spotify({
      clientId: process.env.SPOTIFY_ID,
      clientSecret: process.env.SPOTIFY_SECRET,
      scope: [
        'streaming',
        'user-read-email',
        'user-read-private',
        'user-library-read',
        'user-library-modify',
        'user-read-playback-state',
        'user-modify-playback-state',
      ]
    }),
  ],

  jwt: true,

  callbacks: {
    session: async (session, user) => {
      if(session && user){
        session.user = user;
      }

      return Promise.resolve(session);
    },

    jwt: async (token, user, account, profile, isNewUser) => {
      if(account){
        token.accessToken = account.accessToken;
        token.refreshToken = account.refreshToken;
        token.profile = profile;
      }

      return Promise.resolve(token);
    },
  },
};

Would appreciate any pointers!

[balazsorban44]

Hi there! The expires property of session means when the next-auth session expires, not the Spotify access token's expiry date. When you read the session, the expiry date will be refreshed automatically, to keep the session active. I ncase the session is not invoked, it will expire (by default, after 30 days) you can override this with the maxAge property of the session option

https://next-auth.js.org/configuration/options#session

Keep in mind that right now, refresh tokens are not utilized to keep access tokens valid, it can be implemented in user land.

You can get the idea from here: #871 (comment)

[MehediH]

Thank you! The #871 sample helped me a lot!