Where/how to properly refresh JWT (server + client)
Unanswered
Egyptian Mau posted this in #help-forum
Egyptian MauOP
Hi *,
currently building a nextjs app with a separate backend. I'm using a combination of short-lived access-tokens with long-lived refresh-tokens to authenticate against the backend. The tokens are stored in cookies (httpOnly for refresh-token) and are being set within a server-action.
Refreshing the access-token from client side is no problem at all. Just get a new one by calling a server-action when the current one is expired (which is then able to update the cookies properly).
But how do you refresh an expired token in plain server-components? Of course I can hit the backend to get a fresh one in that case, but I'm not able to set the new cookie from there.
currently building a nextjs app with a separate backend. I'm using a combination of short-lived access-tokens with long-lived refresh-tokens to authenticate against the backend. The tokens are stored in cookies (httpOnly for refresh-token) and are being set within a server-action.
Refreshing the access-token from client side is no problem at all. Just get a new one by calling a server-action when the current one is expired (which is then able to update the cookies properly).
But how do you refresh an expired token in plain server-components? Of course I can hit the backend to get a fresh one in that case, but I'm not able to set the new cookie from there.