Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Should getSession on the server allow update of token in jwt callback? #672

Closed
4 tasks
simonbbyrne opened this issue Sep 13, 2020 · 3 comments
Closed
4 tasks

Should getSession on the server allow update of token in jwt callback? #672

simonbbyrne opened this issue Sep 13, 2020 · 3 comments
Labels
question Ask how to do something or how something works stale Did not receive any activity for 60 days

Comments

@simonbbyrne
Copy link

simonbbyrne commented Sep 13, 2020
edited
Loading

Your question
Does a call to getSession on the server return a stale token in the jwt callback? I'm experiencing similar to #371 (comment)
If I make the clientMaxAge small, I can get it to update. However, it would be not be very efficient. Greatly appreciate some advice on this please. I'm not sure if this is a bug.

This can be reproduced in the next-auth-example by adding the following to the jwt callback and click the Server page

    jwt: async (token) => {
      console.log("--jwt");
      if (!token) {
        return token;
      }

      console.log(token.test);

      if (!token.test) {
        token.test = 1;
        return token;
      }

      token.test = token.test + 1;

      return token;
    },
  },

Output:

--jwt
1
--jwt
1
--jwt
2
--jwt
2
--jwt
2
--jwt
2
--jwt
2
--jwt
2

What are you trying to do
Big picture - I'm trying to rotate access tokens after a short expiry. I'm using Auth0 provider and storing the roles/permissions in the access token which are passed to API to authorize. Without a rotation I can't update the roles/permissions in timely manner.

Feedback
Documentation refers to searching through online documentation, code comments and issue history. The example project refers to next-auth-example.

  • Found the documentation helpful
  • Found documentation but was incomplete
  • [x ] Could not find relevant documentation
  • Found the example project helpful
  • Did not find the example project helpful
@simonbbyrne simonbbyrne added the question Ask how to do something or how something works label Sep 13, 2020
@simonbbyrne
Copy link
Author

Can anyone help with this question please

@stale
Copy link

stale bot commented Dec 5, 2020

Hi there! It looks like this issue hasn't had any activity for a while. It will be closed if no further activity occurs. If you think your issue is still relevant, feel free to comment on it to keep ot open. Thanks!

@stale stale bot added the stale Did not receive any activity for 60 days label Dec 5, 2020
@stale
Copy link

stale bot commented Dec 12, 2020

Hi there! It looks like this issue hasn't had any activity for a while. To keep things tidy, I am going to close this issue for now. If you think your issue is still relevant, just leave a comment and I will reopen it. (Read more at #912) Thanks!

@stale stale bot closed this as completed Dec 12, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Ask how to do something or how something works stale Did not receive any activity for 60 days
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@simonbbyrne