Next.js Discord

Discord Forum

admin token

Answered
Gazami crab posted this in #help-forum
Gazami crab (OP)
What if I have a user control panel made in Next.js + NextAuth, I set my admin level in the JWT, and I remove the admin from its role; how can I force the refresh of its token?
Answered by fuma 💙 joulev
A simple answer is no, you can’t force refresh the token since you aren’t able to know whether the admin’s role is removed.

JWT tokens are stored locally in their browser; if you want to force refresh them, you must do it every time they send a request to your server. This can lead to poor performance. And secondly, NextAuth only updates the token when the user re-logs in.

A workaround is to check it manually in the page, with database queries.
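The workaround from the answer above, sketched as an added example that is not part of the original thread or of NextAuth itself: the role claim inside the JWT is ignored and the current role is read from the database on each privileged request, with an optional short cache to limit the query cost. The names `roleStore`, `getRoleFromDb`, `cachedRoleLookup` and `requireAdmin` are hypothetical, and the verified token payload is assumed to carry the user id in `sub`.

```javascript
// Added example: re-check the role server-side instead of trusting the JWT claim.
// `roleStore` is a constructed in-memory stand-in for the users table.
const roleStore = new Map([
  ["u1", "admin"],
  ["u2", "user"], // demoted after their JWT was issued
]);

// Hypothetical lookup; in a real app this is a database query.
async function getRoleFromDb(userId) {
  return roleStore.get(userId) ?? null;
}

// Optional short-lived cache so not every request hits the database.
// Trade-off: a demoted admin keeps access for at most `ttlMs`.
function cachedRoleLookup(lookup, ttlMs, now = Date.now) {
  const cache = new Map();
  return async (userId) => {
    const hit = cache.get(userId);
    if (hit && now() - hit.at < ttlMs) return hit.role;
    const role = await lookup(userId);
    cache.set(userId, { role, at: now() });
    return role;
  };
}

// `token` is the already-verified JWT payload (assumption: user id in `sub`).
// Any role claim in the token is deliberately not consulted.
async function requireAdmin(token, lookup) {
  if (!token || typeof token.sub !== "string") {
    return { allowed: false, reason: "unauthenticated" };
  }
  const role = await lookup(token.sub);
  if (role !== "admin") {
    return { allowed: false, reason: "not_admin" };
  }
  return { allowed: true, reason: "ok" };
}
```

Call `requireAdmin` in the server-side code of every admin page or API route; with the cache, `ttlMs` is the longest a removed admin can keep access.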