Make the session token expiration date follow an external API token expiration date

[fhuszti]

Hey,
I'm trying to set up Auth.js v5 with Next.js 14 and struggling a lot, probably due to me learning how Auth.js works at the same time.

My backend is an external API that takes credentials and sends me back three cookies: a split-cookies access token and a refresh token. These cookies are my source of truth because the app is useless if the user can't get data from my API, so I want to keep Auth.js in sync with them.
The session token from Auth.js (__Secure-authjs.session-token) refreshes its expiration date automatically all the time when I interact with the app, but I would like it to constantly be equal to my refresh token's. This refresh token is itself refreshed for a month every time I use it, which is only when my main access token gets stale (every 30min).

I have tried something like that but to no avail. The session token keeps updating its expiration date:

async jwt({ token, user }) {
    if (user) {
        token.user = user;
        token.exp = user.refreshExp;
    }
    token.exp = token.user.refreshExp;
    return token;
},
async session({ session, token }) {
    session.user = token.user;
    session.expires = (new Date(token.exp * 1000)).toISOString();
    return session;
}

I have searched the v4 docs and what's existing for the v5 docs multiple times and I can't seem to find any info on how to do that, google isn't much help either.
Usually when that's the case, it means I'm approaching it wrong, so maybe that's the case here?

[yusufs35]

The following article mght help you
https://medium.com/@yusufs35/integration-of-nextjs14-next-auth5-and-an-external-authentication-api-1f35a9db0eed

[MohamedDanis]

how do i do this in v4 ?

[sbassalian]

Create a protected layout file. And return from your api token_expiration_timestamp and attach that data to session.user. then in your layout file you can check to see if the current time is past that of the token expiration. I don't have it in the screenshot below, but it's just an example of me doing another check in my protected layout. I need to add this functionality to my repo as well, so if you still need help lmk and i'll post the full code