I'm having the worst time trying to figure out how to invalidate the user's token inside the JWT callback so that I can force a new login. I'm using azure-ad sign in, and ending up with an invalid token in the jwt callback after calling signIn('azure-ad').
```js
async jwt({ token, account, user }) {
  token.error = "";
  if (account) {
    token.accessToken = account.access_token;
    // Store the expiry as epoch milliseconds: a Date object does not survive
    // JWT serialization (it comes back as a string on the next call)
    token.accessTokenExpires = account.expires_at * 1000;
    token.refreshToken = account.refresh_token;
  }
  if (!token.accessToken && token.access_token) {
    token.accessToken = token.access_token;
  }
  // Return previous token if the access token has not expired yet
  const now = Date.now(); // milliseconds, the same unit as accessTokenExpires
  if (now < token.accessTokenExpires) {
    if (!token.hasOwnProperty('rfAdminExpiry') || token.rfAdminExpiry < now) {
      try {
        // await in case this returns a promise; otherwise a rejection escapes the try/catch
        await queryMicrosoftGraph(token); // This can throw an error that the token is expired
        token.rfAdminExpiry = now + 15 * 60000;
        return token;
      } catch (error) {
        // Do nothing, move on to try to refresh the token
      }
    } else {
      // Checked against Graph within the last 15 minutes; keep the token
      return token;
    }
  }
  // Access token has expired, try to update it
  let newToken;
  try {
    // This attempts to refresh the access token, but can fail and throws an error if the refreshToken is invalid
    newToken = await refreshAccessToken(token);
    // Set the marker on the token that is actually returned, as a number like above
    newToken.rfAdminExpiry = Date.now() + 15 * 60000;
  } catch (error) {
    // The token is expired and not available to refresh; I need some way to force a new login here
    token.error = "RefreshAccessTokenError";
    return token;
    // Returning null here is invalid, but I know of no way to force a new login
  }
  return newToken;
},
```
I'm having a situation where calling signIn('azure-ad') results in my ending up in the jwt callback with a token that is invalid for accessing Microsoft Graph and that will not allow token refresh. Attempting to refresh the token results in a 401 with the message "Lifetime validation failed, the token is expired." Is there some way for me to discard the seemingly invalid token I've ended up with to force a new token fetch with sign-in? How do I continue on?
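One way to handle the failed-refresh branch in the code above, as an added example that is not part of the original post or of NextAuth's own code: drop the dead provider tokens from the JWT, flag it, and let the client start a new sign-in. The helper names and the injected `refresh` parameter are assumptions; only the `"RefreshAccessTokenError"` marker and the token field names come from the post.

```javascript
const REAUTH_ERROR = "RefreshAccessTokenError"; // marker string used in the post

// Remove provider credentials once refresh has failed, so an expired access
// token or a rejected refresh token is never handed to API code again.
function markForReauth(token) {
  const { accessToken, access_token, refreshToken, accessTokenExpires, ...rest } = token;
  return { ...rest, error: REAUTH_ERROR };
}

// Core of a jwt callback for calls after sign-in (no `account`).
// `refresh` is injected (assumption) so the logic runs without a network.
async function rotateToken(token, refresh, now = Date.now()) {
  // Already flagged: do not replay a dead refresh token on every request.
  if (token.error === REAUTH_ERROR) return token;
  // Expiry is compared as epoch milliseconds on both sides.
  if (typeof token.accessTokenExpires === "number" && now < token.accessTokenExpires) {
    return token;
  }
  try {
    return { ...(await refresh(token)), error: "" };
  } catch {
    return markForReauth(token);
  }
}

// Session callback body: expose only the flag to the browser, not the tokens.
function toSession({ session, token }) {
  return { ...session, error: token.error || undefined };
}

// Client-side check: when true, the page should start a fresh sign-in.
function needsReauth(session) {
  return Boolean(session) && session.error === REAUTH_ERROR;
}
```

In a React client this check would run in an effect on the session and call `signIn('azure-ad')` when it returns true; the new sign-in supplies a fresh `account`, which replaces the flagged token.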