Next.js Discord

Discord Forum

Refresh token using an external API and NextAuth (JWT)

Unanswered
Asiatic Lion posted this in #help-forum
Asiatic Lion (OP)
I have a Django backend, and the frontend is made with Next.js and NextAuth.
I was working with normal accessTokens until now, but now I want to add a refreshToken as well.
The token expires and is blacklisted by the backend every 15 minutes, and we need to use the refreshToken to get a new accessToken.
But now I don't know what to do.


auth.ts:
```ts
export const options: NextAuthOptions = { 
  ....

            async authorize(credentials) {
                if (!credentials) {
                    throw new Error('لطفا کد را وارد کنید');
                }

                // Verify the phone number and OTP against the Django backend
                const apiBaseUrl = process.env.NEXT_PUBLIC_API_BASE_URL;
                const response = await fetch(`${apiBaseUrl}/auth/verify`, {
                    method: 'POST',
                    headers: {
                        'Content-Type': 'application/json'
                    },
                    body: JSON.stringify({
                        phone: credentials.phoneNumber,
                        otp_code: credentials.otp
                    })
                });

                const data = await response.json();

                if (data.result) {
                    // Do not log `data` here: it contains the access and refresh tokens
                    return {
                        id: data.data.user.id,
                        phone: data.data.user.phone,
                        firstName: data.data.user.first_name,
                        lastName: data.data.user.last_name,
                        email: data.data.user.email,
                        role: data.data.user.role,
                        isAdmin: data.data.user.is_admin,
                        accessToken: data.data.access_token,
                        refreshToken: data.data.refresh_token
                    };
                } else {
                    throw new Error(data.messages);
                }
            }
```

9 Replies

Asiatic Lion (OP)
```ts
    callbacks: {
        // Runs at sign-in (with `user` set) and again whenever the session is read
        async jwt({ token, user }) {
            if (user) {
                token.id = user.id;
                token.phone = user.phone;
                token.firstName = user.firstName;
                token.lastName = user.lastName;
                token.email = user.email;
                token.role = user.role;
                token.isAdmin = user.isAdmin;
                token.accessToken = user.accessToken;
                token.refreshToken = user.refreshToken;
            }
            return token;
        },
        
        // Builds the session object that is returned to the client
        async session({ session, token }) {
            session.user.id = token.id as string;
            session.user.phone = token.phone as string;
            session.user.firstName = token.firstName as string;
            session.user.lastName = token.lastName as string;
            session.user.email = token.email as string;
            session.user.role = token.role as string;
            session.user.isAdmin = token.isAdmin as boolean;
            session.accessToken = token.accessToken as string;
            // Copies the refresh token into the session, where client-side code can read it
            session.refreshToken = token.refreshToken as string;
            return session;
        }
    },
```
The backend endpoint for obtaining the access and refresh tokens is auth/verify, and it returns both of them.
We also have an endpoint, /auth/token/refresh.
It accepts a refresh token:
```json
{
  "refresh": "string"
}
```
and it returns a new access token.
Now I just want to know how I can do this without interrupting the user when the 15 minutes are up.
I've read the docs and tried asking ChatGPT, but neither was helpful.
I'd appreciate it if you could give me some tips.
Asiatic Lion (OP)
Guys any idea pls?
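
One way to do the silent refresh the thread asks about, as an added example that is not part of the original posts: plain JavaScript logic for NextAuth's `jwt` and `session` callbacks. The endpoint path and request body come from the post; the `access` response field, the 60-second skew, the `accessTokenExpires` and `error` token fields and the function names are assumptions.

```javascript
// Added example, not code from the thread. Assumptions: the refresh endpoint
// answers {"access": "<token>"}; the lifetime is the 15 minutes given in the post.
const ACCESS_TTL_MS = 15 * 60 * 1000;
const REFRESH_SKEW_MS = 60 * 1000; // renew a minute early so no request carries a dying token

// Trade the refresh token for a new access token at /auth/token/refresh.
// fetchFn and now are injectable so the logic can be checked without a network.
async function refreshAccessToken(token, apiBaseUrl, fetchFn = fetch, now = Date.now()) {
  try {
    const res = await fetchFn(`${apiBaseUrl}/auth/token/refresh`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ refresh: token.refreshToken }),
    });
    const body = await res.json();
    if (!res.ok || typeof body.access !== 'string') throw new Error('refresh rejected');
    return { ...token, accessToken: body.access, accessTokenExpires: now + ACCESS_TTL_MS, error: undefined };
  } catch {
    // Refresh token expired or revoked, or backend unreachable: drop the stale
    // access token and flag the session so the client can send the user to sign-in.
    return { ...token, accessToken: undefined, error: 'RefreshAccessTokenError' };
  }
}

// Logic for the NextAuth `jwt` callback.
async function jwtCallback({ token, user }, apiBaseUrl, fetchFn = fetch, now = Date.now()) {
  if (user) {
    // Sign-in: keep what authorize() returned and record when the access token expires.
    return { ...token, ...user, accessTokenExpires: now + ACCESS_TTL_MS };
  }
  if (now < token.accessTokenExpires - REFRESH_SKEW_MS) return token; // still valid
  return refreshAccessToken(token, apiBaseUrl, fetchFn, now);
}

// Logic for the `session` callback: expose the access token and the error flag,
// but never copy the refresh token into the object the browser can read.
function sessionCallback({ session, token }) {
  return { ...session, accessToken: token.accessToken, error: token.error };
}
```

In `auth.ts`, `callbacks.jwt` and `callbacks.session` would call these with the backend base URL, and the client can check `session.error` to trigger a new sign-in.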