Issue with Incorrect expires_at Calculation in CognitoProvider #12934
Unanswered
Leo0310Cat asked this question in Help
Replies: 0 comments
What is the issue?
When using CognitoProvider, although the token expiration is set to 1 hour in Cognito, the expires_at value calculated by NextAuth is set to 1 month later.
expires_in value of 3600 seconds (1 hour) when requested directly, so the issue is not with Cognito.
Logs
Here is the log showing the mismatch between Cognito's expires_in and the calculated expires_at:
2025-05-03 22:26:04 frontend-1 | Response from Cognito: {
2025-05-03 22:26:04 frontend-1 | "provider": "cognito",
2025-05-03 22:26:04 frontend-1 | "type": "oauth",
2025-05-03 22:26:04 frontend-1 | "providerAccountId": ~,
...
2025-05-03 22:26:04 frontend-1 | "expires_at": 1746282364,
2025-05-03 22:26:04 frontend-1 | "token_type": "Bearer"
2025-05-03 22:26:04 frontend-1 | }
2025-05-03 22:26:04 frontend-1 | Decoded AccessToken: {
2025-05-03 22:26:04 frontend-1 | sub: ~,
2025-05-03 22:26:04 frontend-1 | iss: ~,
2025-05-03 22:26:04 frontend-1 | version: 2,
2025-05-03 22:26:04 frontend-1 | client_id: ~,
2025-05-03 22:26:04 frontend-1 | origin_jti: ~,
2025-05-03 22:26:04 frontend-1 | event_id: ~,
2025-05-03 22:26:04 frontend-1 | token_use: 'access',
2025-05-03 22:26:04 frontend-1 | scope: 'openid profile email',
2025-05-03 22:26:04 frontend-1 | auth_time: 1746278763,
2025-05-03 22:26:04 frontend-1 | exp: 1746282363,
2025-05-03 22:26:04 frontend-1 | iat: 1746278763,
2025-05-03 22:26:04 frontend-1 | jti: ~,
2025-05-03 22:26:04 frontend-1 | username: ~
2025-05-03 22:26:04 frontend-1 | }
Mismatch:
expires_in value: 3600 seconds (1 hour)
expires_at value: 1746282364 (1 month later)
Additional Note
After switching to Auth.js (NextAuth.js v5), the issue no longer occurred.
This suggests that the problem was specific to the expiration handling logic in NextAuth.js v4.
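A diagnostic for the comparison described in the post, as an added example that is not part of the original post or of NextAuth: it decodes the access token's iat and exp claims and compares them with the account's expires_at, also flagging a value that looks like milliseconds rather than seconds. The helper names, the 5-second tolerance and the sample token (constructed from the iat, exp and expires_at values in the log) are assumptions.

```javascript
// Added example: helper names are hypothetical, not part of NextAuth's API.
const MAX_SKEW_SECONDS = 5; // assumed tolerance between expires_at and exp

// Decode a JWT payload WITHOUT verifying the signature (diagnostics only;
// never use unverified claims for an authorization decision).
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Compare the account's expires_at with the token's own iat/exp claims.
function checkExpiry(account, claims, nowSeconds) {
  // Epoch values above 1e11 are almost certainly milliseconds, not seconds.
  const unit = account.expires_at > 1e11 ? "milliseconds" : "seconds";
  const expiresAt = unit === "milliseconds"
    ? Math.floor(account.expires_at / 1000)
    : account.expires_at;
  const skew = expiresAt - claims.exp;
  return {
    unit,
    tokenLifetimeSeconds: claims.exp - claims.iat,
    skewSeconds: skew,
    consistent: Math.abs(skew) <= MAX_SKEW_SECONDS,
    remainingSeconds: expiresAt - nowSeconds,
    expiresAtIso: new Date(expiresAt * 1000).toISOString(),
  };
}

// Constructed sample token carrying the iat/exp values from the log above.
function makeSampleJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "none" })}.${enc(claims)}.sig`;
}

const sampleJwt = makeSampleJwt({ token_use: "access", iat: 1746278763, exp: 1746282363 });
const sampleAccount = { provider: "cognito", expires_at: 1746282364 };
// nowSeconds is constructed: one second after the token's iat.
const report = checkExpiry(sampleAccount, decodeJwtPayload(sampleJwt), 1746278764);
console.log(report);
```

Running the same check inside the jwt callback, with the real account object and the current time, shows which of the values involved (expires_at, exp, or a separately configured session lifetime) is the one that reads as a month.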