getToken() is not waiting for the new token to refresh

[bymoe]

Hello everyone,

First, I have a catch-all proxy in pages/api/proxy/[...all].ts the purpose of this is to attach the access token to the Authorization: Bearer ${accessToken} header for all our api calls.

To do this I have to get the token inside this proxy and attach it using const token = await getToken({ req, secret })

I have the Refresh token rotation implemented and working fine. Now the problem is: when this token is expired the getToken() is not waiting for it to renew or in simpler words it is not checking the JWT callback which inside we check the token expiration. So it results in 401 error where the getToken() is still using the old token.

How do I solve this when the first thing that user hits when they enter the page is the getToken() ?

[umairb-pedal]

I have the same requirement. I was thinking of manually calling the jwt callback by retrieving the options.

[tlherysr]

I have the same problem and I think there is no solution to this at the moment which is frustrating. The only workaround I think is to add a refresh token logic in the api yourself. Basically, call that refreshToken function manually if API route returns 401 and you still have a refreshToken.

If you use getServerSession function instead of getToken function, it runs your jwt callback everytime you call the session. So it solves the problem but you have to expose the accessToken in the session this way which is a security issue itself.

Is there any plan to fix this at all or if there is a solution I would like to hear about it.