How Admin can change user roles triggering user's session update?
Unanswered
Cape lion posted this in #help-forum
Cape lionOP
Hi all. I'm building my first Next.js app. I've added auth with next-auth using a Discord provider. I chose the JWT session strategy, creating a custom object with data fetched from the DB. I want to create a data table that allows editing user roles and then triggers a session update for the user. I know the way I coded the auth process makes this hard to do; however, I can change it based on what I need to have to create that table. What's most important is to be able to ban users, revoking access to the website.
3 Replies
Understanding your flow, it will become a bit complicated to implement this.
1. If you want to use this strategy then: The role change is made in the DB, but it won't immediately affect the user's current session; you'll have to create a middleware which verifies the information stored in the JWT and, if it is different, updates the session.
2. Another and recommended approach: Switch to server session and store the session in the DB, so when the role is updated it will instantly update the session in the DB and the user will be revoked.
Cape lionOP
could u provide me any docs about the second approach?
use
strategy: "database"
instead of
strategy: "jwt"
in your next-auth config file to use the server session in next-auth
READ: https://authjs.dev/concepts/session-strategies
https://authjs.dev/reference/core#strategy
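The difference between the two approaches in the replies, as an added example that is not from the thread's participants and is not next-auth's own code. Every name here is hypothetical: the `Map` objects stand in for the users and sessions tables, and the HMAC-signed token is a simplified stand-in for a next-auth JWT.

```javascript
// Added illustration: in-memory stand-ins, not next-auth internals.
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // constructed value
const users = new Map([["u1", { role: "admin", banned: false }]]); // stand-in for the users table
const sessions = new Map(); // stand-in for the sessions table (strategy: "database")

const sign = (body) => crypto.createHmac("sha256", SECRET).update(body).digest("base64url");

// strategy: "jwt": the role is copied into a signed token at sign-in time.
function issueJwt(userId) {
  const claims = { sub: userId, role: users.get(userId).role };
  const body = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return `${body}.${sign(body)}`;
}

// Signature check only: returns whatever claims were frozen at sign-in.
function verifyJwt(token) {
  const [body, mac] = token.split(".");
  const expected = Buffer.from(sign(body));
  const given = Buffer.from(mac || "");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return JSON.parse(Buffer.from(body, "base64url").toString());
}

// Approach 1 from the thread: per-request check of the token against the DB.
function verifyJwtAgainstDb(token) {
  const claims = verifyJwt(token);
  const user = claims && users.get(claims.sub);
  if (!user || user.banned) return null; // banned or deleted user: reject
  return { ...claims, role: user.role }; // replace a stale role with the DB value
}

// Approach 2 from the thread: the cookie holds only an opaque id; the row lives in the DB.
function createDbSession(userId) {
  const id = crypto.randomBytes(16).toString("hex");
  sessions.set(id, { userId });
  return id;
}
function getDbSession(id) {
  const row = sessions.get(id);
  const user = row && users.get(row.userId);
  return user ? { userId: row.userId, role: user.role } : null;
}

// Admin action: change role or ban; a ban also deletes that user's session rows.
function adminUpdate(userId, changes) {
  Object.assign(users.get(userId), changes);
  if (changes.banned) for (const [id, s] of sessions) if (s.userId === userId) sessions.delete(id);
}
```

A token checked only by signature keeps reporting the old role after the admin edits it, which is why approach 1 needs the per-request DB check and approach 2 revokes by deleting the session row.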