-
EnvironmentSystem: Binaries: Browsers: npmPackages: Reproduction URLhttps://github.com/MoWael11/next-auth-middleware Describe the issueI have configured the JWT refresh token rotation in Next Auth API route to update the user token on server side when the access token expires. It successfully obtains the new tokens and returns them in the JWT and session callbacks (options.ts file). But, it does not update the session in the middleware, keeping the old one with the expired token. Consequently, when I refresh the page, the middleware passes the expired tokens to the JWT callback, which are no longer valid. How to reproduceCode </>page.tsx
middleware.ts
options.ts
Run timeI will log the last 5 letters of tokens to avoid excessive length and just necessary data
Then when refreshing the page, we will see that the middleware does not update token:
Because the middleware did not update the session, it preserves the old session and passes it to the callbacks. This results issues when attempting to obtain a new access token, leading to undefined values and causing errors in the app when trying to use those values. Expected behaviorThe middleware should update the session with the values returned from next auth callbacks. So when attempting to acquire a new token, it uses the recent refresh token obtained, rather than using the old one. |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments
-
Is there any kind of workaround to this? Maybe something like call session when the token is expired? |
Beta Was this translation helpful? Give feedback.
-
Can confirm that I am seeing the same issue. |
Beta Was this translation helpful? Give feedback.
-
I am using NextJS 14.1 and "next-auth": "^5.0.0-beta.3". I experience the same issue, my session tokens are not being updated. |
Beta Was this translation helpful? Give feedback.
-
I managed to resolve the issue by adding the SessionProvider into the root layout. I created a file named
I think that without the session provider, the session wasn't able to update itself effectively. However, by including the SessionProvider, the middleware now updates seamlessly. I've updated also the Reproduction Url |
Beta Was this translation helpful? Give feedback.
I managed to resolve the issue by adding the SessionProvider into the root layout. I created a file named
providers.tsx
that contains theSessionProviderClient
component, then enveloped the entire application within it:I think that without the session provider, the session wasn't able to update itself effectively. However, by including the SessionProvider, the middleware now updates seamlessly. I've updated also the Reproduction Url