Replies: 34 comments 45 replies
-
Problem seem to be similar to #371 (comment) and according this comment
all of my changes are done in |
Beta Was this translation helpful? Give feedback.
-
I am facing the same issue :( |
Beta Was this translation helpful? Give feedback.
-
Is there a solution to this? Using exactly the same and having the same problem. |
Beta Was this translation helpful? Give feedback.
-
Did anyone manage? Experiencing exactly the same issue |
Beta Was this translation helpful? Give feedback.
-
Have the same issue, next-auth 4.22.1, nextjs 13.4.2. Keycloak as IDP. |
Beta Was this translation helpful? Give feedback.
-
I don't have a solution yet, but I believe this problem relates to the same issue noted here regarding only having read-only access to the session cookie when using the In my case, I can refresh successfully for the duration of the session; however, if I refresh the page, I get the same symptom you're dealing with. The issue is that, while the refresh process works and the |
Beta Was this translation helpful? Give feedback.
-
You are facing the same problem as #7522. It's probably going to be resolved in a new major version. I received a comment from Next.js team member about adding API for writing cookies in RSC (since currently it's read-only):
|
Beta Was this translation helpful? Give feedback.
-
Hi, same issue in Sveltekit with
|
Beta Was this translation helpful? Give feedback.
-
Hey everyone. Any updates on this? Thanks @dever23b for the very clear explanation. I'm using Auth0 and without a fix i'm going to have to set the access_token to longer than i'd like. |
Beta Was this translation helpful? Give feedback.
-
next-auth/packages/next-auth/src/react/index.tsx Lines 161 to 167 in a79774f next-auth/packages/next-auth/src/react/index.tsx Lines 474 to 478 in a79774f Looking at how getSession({ req: { body: { csrfToken: await getCsrfToken() } } }) Note: It only updates the token of the first async call. |
Beta Was this translation helpful? Give feedback.
-
I'm having the same issue using: "@auth/core": "^0.9.0",
"@auth/sveltekit": "^0.3.5", The new token is passed correctly to the session callback, but it is not updated for the |
Beta Was this translation helpful? Give feedback.
-
Having the same issue |
Beta Was this translation helpful? Give feedback.
-
getServerSession() solve the problem for me, here is an example how to get the session on client side (just pass the session in the props and you are fine) import { GetServerSideProps } from 'next';
import { getServerSession } from 'next-auth';
import { authOptions } from '@/pages/api/auth/[...nextauth]';
import useRefreshTokenError from '@/hooks/useRefreshTokenError';
import React from 'react';
export default function Home({ error }: { error: string | null }) {
useRefreshTokenError(error);
return <span className="title-box">Welcome</span>;
}
export const getServerSideProps: GetServerSideProps = async (context) => {
const session = await getServerSession(context.req, context.res, authOptions);
if (!session) {
return {
redirect: {
destination: '/',
permanent: false,
},
};
}
const error = (session as any)?.error;
return {
props: {
error: error || null,
},
};
}; |
Beta Was this translation helpful? Give feedback.
-
I was facing similar issue. This is how i Fixed it.
The issue that i had in my code was that i was returning new tokens without including previous token properties. so i changed from this to this so when you return your new tokens, don't just send back new tokens. also include ...token (previous token that we get from jwt props) |
Beta Was this translation helpful? Give feedback.
-
I documented some stuff here: #7558 (comment) |
Beta Was this translation helpful? Give feedback.
-
I also have the same problem, may have to wait for the next update. I'm looking for an alternative, if anyone has an alternative, please share with me |
Beta Was this translation helpful? Give feedback.
-
I'm seeing the same issue using the Auth0 provider. I'm testing using the latest Next auth demo app ( In my browser I can see the session cookie value and lifetime is actually updating when refreshing the browser but if i log If anyone has a solution to this it would be much appreciated. For context my app uses a JWT to form an auth header, we add this to requests to a custom BE that checks them against Auth0. Seems like a pretty standard use case. |
Beta Was this translation helpful? Give feedback.
-
Ah, it seems to be a major bug. Has anyone found a workaround for this? |
Beta Was this translation helpful? Give feedback.
-
This is still an issue... |
Beta Was this translation helpful? Give feedback.
-
Please god help us |
Beta Was this translation helpful? Give feedback.
-
I have my own backend with JWT and credentials sign-in, and this issue directly affects my workflow. I think they are no longer focusing on this package since they are updating auth.js, which, in my opinion, is not a wise choice when it comes to authentication, opting for a multiplatform library. Based on that, I learned more about the next-auth package and created my own library implementing the next-auth JWT functions. I believe the result is excellent; I'm using it in my project, and the middleware in Next.js is very effective in handling sessions. If someone has the knowledge to open a pull request to next-auth, fixing the middleware part, I think this will solve your problems. For now, I'm sharing my public package for your review and use if needed. |
Beta Was this translation helpful? Give feedback.
-
After several hours of trying to figure out what I was doing wrong, I'm at least relieved to find this discussion and learn that it's a bug. Same problem where the refresh logic is working, but the old token is still the one loaded on the next request.
|
Beta Was this translation helpful? Give feedback.
-
I found out that the session wasn't updating after an api request. After digging a lot, I've found this:
Call update() in your client after making the API call and it'll sync the backend session with your cookies and you'll now have the new AccessToken and RefreshToken. Now I have to figure out a way to call update after each API request. |
Beta Was this translation helpful? Give feedback.
-
Hi, we've run into the same issue. We're using Next12 with page router and a custom Some comments have mentioned that the We added a Obviously this is not an ideal solution but perhaps it can help someone with better insight in this issue. The sleep utils is just a simple wait promise
In our
Our |
Beta Was this translation helpful? Give feedback.
-
@aliyss @ryanwi @karlbessette @ssolders @ApinisMikelis @desiboli @MarkMurphy37 @wppaing @mohammedsafvan @muhammadali-pro For anyone still wondering, workarounds / temporary solutions are available here: #9715 (hats off to the guy Rinvii who first came up with it). See my comment: #9715 (reply in thread). |
Beta Was this translation helpful? Give feedback.
-
If you're using the app router and auth.js v5 and encountering this issue, make sure your folder name follows the structure: |
Beta Was this translation helpful? Give feedback.
-
I've encountered an issue where the refresh token operation is initially successful, but after several attempts, it fails to fully update. Subsequently, all attempts to refresh fail continuously. Is there any suggestion to ensure the refresh token process always succeeds, regardless of how many times it's attempted? my next auth version : 4.24.4 and next 13.4.10
and this my middleware
Are there any recommendations to ensure that the refresh token process works as expected every time? I'm looking for solutions that guarantee success in refreshing tokens, no matter how many attempts are made. I've been stuck on this refresh token issue for two weeks now. Any advice or solutions would be greatly appreciated |
Beta Was this translation helpful? Give feedback.
-
anybody can help me pleasee, i can't update my token :( this my middleware :
this my main middleware :
|
Beta Was this translation helpful? Give feedback.
-
After a battle i solved the rotation issue i faced. Now the outdated token issue. am tired. Using v5-b, nxt-14
|
Beta Was this translation helpful? Give feedback.
-
on authjs (next auth 5) and nextjs 14, i managed to updated the token manually from the middlware import { getToken, encode } from "next-auth/jwt"; if (TokenIsExpired) { |
Beta Was this translation helpful? Give feedback.
-
I have implemented
credentials
provider (custom backend) with token rotation (based on https://next-auth.js.org/tutorials/refresh-token-rotation). Signin/Signout works nicely. When I callgetServerSession
I get everything correctly. Problem occurs when I need refresh access token. To be more specific refresh itself seems to be ok but new access/refresh token seems NOT be to stored se when I callgetServerSession
after refreshjwt callback
seems to work with old data.Example. After successfull sing in i have
My JWT callback is almost identical to example from doc.
If its token expired for first time its renew correctly. If I console log it after "refresh" and also in session callback there are new tokens:
Tokens are different and everything seems to be ok. But if i call
getServerSession
once more its called refresh again and console log showsAs you can see there seems to be same tokens and everything like it was after sing in. And newly obtained tokes from refresh disappeared somehow. I have tried it multiple times but results is always the same. Does anybody knows what am i doing wrong? I read documentation and searched for issues and I found nothing.
I use nextjs 13.1.6 and next auth 4.19.2.
Any help would be appreciated.
Beta Was this translation helpful? Give feedback.
All reactions