New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refresh token rotation in documentation #9109
Comments
Thanks for this. I also bumped into this problem. |
Hey thanks for pointing this out, we've put up a refresh token guide on the new website as well and it basically looks like your recommendation. Does this cover what you were looking for? https://authjs.dev/guides/refresh-token-rotation |
no, there is still also |
Okay gothca, I'll double check the Regarding the |
Yeah, I guess it should work, but since google tell you the exact number (as I can remember, and you can see from the response), you don't have to calculate by yourself. And since this whole process is async it is better to set the values google sent for you. |
Yeah good point. I've cleaned up the jwt guide a bit now, check it out - https://authjs.dev/guides/refresh-token-rotation |
Yes, it's better, thanks. I think this is just an example, and the people who will implement refresh token rotation will figure out from this what to do, even if the example code is not type perfect especially if later this will be implemented by Auth.js. Last thing I would do is to put this link somewhere in the description. |
Yeah we're not really happy with it etiher, but its such a highly requested thing we just decided to put it back up for now. Regarding the link, its obviously google specific, so I'll put it on the Google provider docs page (https://authjs.dev/getting-started/providers/google). I think we've covered everythign then, I'll close the issue, thanks again 🙏 |
What is the improvement or update you wish to see?
On the new website there is an example of renewing access token for google.
line will not be good because Google response is like in this format:
but TokenSet has
expires_at
notexpires_in
.tho here:
if i'm not wrong this is the first time google issues a token, so we won't have
expires_in
but ratherexpires_at
Furthermore
in this example jwt function complains about a ts errro because it should return
JWT
fromnext-auth/jwt
To resolve this, we should create a token at the beginning of the jwt function and return that at the end.
Is there any context that might help us understand?
No.
Does the docs page already exist? Please link to it.
https://authjs.dev/guides/basics/refresh-token-rotation?frameworks=core
The text was updated successfully, but these errors were encountered: