Next.js Discord

Discord Forum

admin token

Answered
Gazami crab posted this in #help-forum
Open in Discord
Avatar
Gazami crabOP
what if i have a user control panel made in nextjs + nextauth, i set my admin level into the jwt, i remove the admin from its role, how can i force the refresh of its token?
Answered by fuma & joulev pray for Schneider
A simple answer is no, you can’t force refresh the token since you aren’t able to know whether the admin’s role is removed.

JWT tokens are stored locally in their browser, if you want to force refresh it, you must do it every time they sent a request to your server. This can lead to a poor performance. And secondly, NextAuth only updates the token when user re-login.

A workaround is to check it manually in the page, with database queries
View full answer

1 Reply

Avatar
fuma & joulev pray for Schneider
A simple answer is no, you can’t force refresh the token since you aren’t able to know whether the admin’s role is removed.

JWT tokens are stored locally in their browser, if you want to force refresh it, you must do it every time they sent a request to your server. This can lead to a poor performance. And secondly, NextAuth only updates the token when user re-login.

A workaround is to check it manually in the page, with database queries
Answer