Token refreshing every request

[karonator]

Question 💬

Hello all.
I'm using own CredentialsProvider with token refresh (like in tutorial):

import axios from 'axios'

import CredentialsProvider from 'next-auth/providers/credentials'
import NextAuth from 'next-auth'

axios.defaults.baseURL = 'server url'

async function refreshAccessToken(token) {
  console.log('UPDATE')
  const refresh = await axios
    .post('/token/refresh/', {
      refresh: token.refreshToken
    })
    .catch((error) => {
      console.log(error)
    })
  if (refresh && refresh.status === 200 && refresh.data.access) {
    return {
      ...token,
      accessToken: refresh.data.access,
      expiresAt: Date.now() + 10 * 1000
    }
  }
  return {
    ...token,
    error: 'RefreshAccessTokenError'
  }
}

export default NextAuth({
  providers: [
    CredentialsProvider({
      id: 'credentials',
      name: 'my-project',
      async authorize(credentials) {
        const auth = await axios
          .post('/token/', {
            username: credentials.username,
            password: credentials.password
          })
          .catch((error) => {
            console.log(error)
          })

        if (auth.status === 200 && auth.data.access) {
          const profile = await axios
            .get('/v1/profile/', {
              headers: {
                Authorization: `Bearer ${auth.data.access}`
              }
            })
            .catch((error) => {
              console.log(error)
            })
          if (profile.status === 200 && profile.data) {
            return {
              ...profile.data,
              tokens: auth.data
            }
          }
        }
        return null
      }
    })
  ],
  pages: {
    signIn: '/login'
  },
  callbacks: {
    jwt: async ({ token, user, account }) => {
      if (account && user) {
        return {
          accessToken: user.tokens.access,
          refreshToken: user.tokens.refresh,
          expiresAt: Date.now() + 10 * 1000,
          user
        }
      }

      if (Date.now() < token.expiresAt) {
        return token
      }

      return refreshAccessToken(token)
    },
    session: async ({ session, token }) => {
      session.user = token.user
      session.token = token.accessToken
      return session
    }
  },
  debug: true,
  jwt: true
})

The problem is that after refreshing token expiresAt not updating, sorefreshAccessToken is calling every request.
After all debugging I understood that token is not changing after first call of jwt callback. Any ideas please, what I'm doing wrong?

How to reproduce ☕️

Usage in page:

export async function getServerSideProps(context) {
  let dicts = []
  const session = await getSession(context)
  if (session && session.token) {
    const dictsReq = await axios
      .get('/v1/dictionary/', {
        headers: {
          Authorization: `Bearer ${session.token}`
        }
      })
      .catch((error) => {
        console.log(error)
      })
    if (dictsReq && dictsReq.status === 200) {
      dicts = dictsReq.data
    }
  }
  return {
    props: { dicts }
  }
}

Contributing 🙌🏽

No, I am afraid I cannot help regarding this

[karonator]

Simplified example:

    jwt: async ({ token, user, account }) => {
      console.log(token.expiresAt)
      // here token.expiresAt will NEVER be equals 'hey'
      if (account && user) {
        return {
          accessToken: user.tokens.access,
          refreshToken: user.tokens.refresh,
          expiresAt: Date.now() + 10 * 1000,
          user
        }
      }

      if (Date.now() < token.expiresAt) {
        return token
      }

      token.expiresAt = 'hey'

      return token
    }

[chris-verclytte]

I am experiencing the same behavior on auth.js v5 with the auth cookie receiving a new token (with extended expiration date) for each request. Did you find the root cause of this issue ?