Middleware callback function authorized is not using updated token. #8144
Replies: 5 comments
-
I am facing the same problem. Has anyone found a solution yet?
-
I'm also facing the problem: the refresh token I'm getting in the jwt callback does not update... Therefore I can update my access token only once.
-
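I got it working with a custom cookie check, to get the session token:

```ts
import { withAuth } from "next-auth/middleware";
import jwt from "jsonwebtoken"; // assumed: the post does not show which module `jwt` is

export default withAuth({
  jwt: {
    // Replace the default decode with a plain signature check of the cookie value.
    decode: ({ secret, token }) => {
      return jwt.verify(token!, secret);
    },
  },
  callbacks: {
    // Authorizes on the presence of the session cookie only; the decoded
    // `token` argument is not consulted.
    authorized: ({ token, req }) => {
      const cookie = req.cookies.get("next-auth.session-token")?.value;
      // console.log(cookie, "cookie");
      return !!cookie;
    },
  },
});
```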
-
I am facing the same issue. If the refresh token flow fails, I want to add an error property (as mentioned in the documentation), but the token in the middleware does not contain this property.
-
I am also facing this issue. In the middleware I cannot access an error property when a refresh token flow is not working:
And the middleware function:
-
Description 📓
I am using authjs's middleware to protect all pages and have the following configuration in my middleware.js at the 'app' directory level:
At the login, I am using the JWT strategy and I have a backend where I get the access_token and refresh_token. In the new documentation, it is recommended that you deal with the refresh token rotation at the JWT callback function.
https://authjs.dev/guides/basics/refresh-token-rotation
The problem:
The middleware function doesn't seem to call the JWT callback; therefore, if the access token expires, the token in the authorized callback is outdated.
Feature request:
In the authorized callback, as well as in a custom middleware function, make the token parameter up to date by running the JWT callback, so that if the access token is expired, the rotation is handled in the JWT callback and the middleware has the up-to-date token.
How to reproduce ☕️
.
Contributing 🙌🏽
No, I am afraid I cannot help regarding this
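
Added example (not part of the original post or of the Auth.js project's code): a fail-closed check that an `authorized` callback could delegate to, so a token the middleware sees as stale after expiry, or one carrying a refresh error, is rejected instead of being accepted on cookie presence alone. The `expires_at` (Unix seconds) and `error` field names, the 30-second skew and the sample tokens are assumptions.

```javascript
// Assumed token shape: the jwt callback stores `expires_at` (Unix seconds)
// and sets `error` when the refresh flow fails. Both names are assumptions.
const CLOCK_SKEW_SECONDS = 30;

function evaluateToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  // No decoded token: cookie missing or decode/verification failed.
  if (!token || typeof token !== "object") {
    return { allow: false, reason: "no-token" };
  }
  // A refresh failure recorded on the token must never authorize a request.
  if (token.error) {
    return { allow: false, reason: "refresh-error" };
  }
  // Fail closed when the expiry claim is absent or not a finite number.
  const expiresAt = Number(token.expires_at);
  if (token.expires_at == null || !Number.isFinite(expiresAt)) {
    return { allow: false, reason: "no-expiry" };
  }
  // The middleware only sees the token as last written to the cookie, so an
  // expiry in the past (or within the skew window) means it is stale here.
  if (nowSeconds >= expiresAt - CLOCK_SKEW_SECONDS) {
    return { allow: false, reason: "stale-access-token" };
  }
  return { allow: true, reason: "ok" };
}

// Wiring sketch (not executed here):
//   callbacks: { authorized: ({ token }) => evaluateToken(token).allow }

// Constructed sample tokens, evaluated against a fixed clock.
const NOW = 1700000000;
const SAMPLES = {
  fresh: { sub: "u1", expires_at: NOW + 600 },
  stale: { sub: "u1", expires_at: NOW - 10 },
  withinSkew: { sub: "u1", expires_at: NOW + 10 },
  refreshFailed: { sub: "u1", expires_at: NOW + 600, error: "RefreshFailed" },
  noExpiry: { sub: "u1" },
  missing: null,
};

function runSamples() {
  const out = {};
  for (const [name, token] of Object.entries(SAMPLES)) {
    out[name] = evaluateToken(token, NOW).reason;
  }
  return out;
}
```

The `reason` value lets the caller choose between redirecting to sign-in and triggering a session refresh before retrying.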