I'm getting the following error when configuring rotating Refresh tokens in Auth0. If I remove the rotation configuration, it works fine. Are these supported in the Beta? Do I need to configure something in the SDK to make it work? Thank you in advance.
AccessTokenError: The request to refresh the access token failed. CAUSE: invalid_grant (Unknown or invalid refresh token.)
at NodeClient.refresh (webpack-internal:///(sc_server)/./node_modules/@auth0/nextjs-auth0/dist/auth0-session/client/node-client.js:158:19)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
... 4 lines matching cause stack trace ...
at async eval (webpack-internal:///(sc_server)/./node_modules/next/dist/server/future/route-modules/app-route/module.js:265:37) {
code: 'ERR_FAILED_REFRESH_GRANT',
cause: IdentityProviderError: invalid_grant (Unknown or invalid refresh token.)
at NodeClient.refresh (webpack-internal:///(sc_server)/./node_modules/@auth0/nextjs-auth0/dist/auth0-session/client/node-client.js:158:152)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async Object.eval [as getAccessToken] (webpack-internal:///(sc_server)/./node_modules/@auth0/nextjs-auth0/dist/session/get-access-token.js:55:30)
at async eval (webpack-internal:///(sc_server)/./app/api/items/route.tsx:16:104)
at async eval (webpack-internal:///(sc_server)/./node_modules/@auth0/nextjs-auth0/dist/helpers/with-api-auth-required.js:40:28)
at async eval (webpack-internal:///(sc_server)/./node_modules/next/dist/server/future/route-modules/app-route/module.js:265:37) {
error: 'invalid_grant',
errorDescription: 'Unknown or invalid refresh token.'
},
status: undefined
}
Reproduction
Configure rotating Refresh Token (in our case it will be alive for 30 minutes).
Perform a login.
Wait for the Access Token to expire (in our case 20 minutes).
At minute 21, from the app, try to get the Access Token (getAccessToken()) so that it refreshes.
You get the error.
Additional context
No response
nextjs-auth0 version
3.0.0-beta.3
Next.js version
13.4.7
Node.js version
20.3.0
The SDK already supports refresh token rotation. This kind of issue is configuration-related.
Please check the following:
Is your Auth0 application a "Regular Web App" application?
What shows up in the Auth0 logs when this error happens? Please share in detail, redacting any sensitive information.
Could you please share the Refresh Token Expiration config of your Auth0 application? You can find this section in the settings tab of your Auth0 application.
@Widcket - does the refresh token get set automatically? I'm using the withMiddlewareAuthRequired in the beta, but I am not getting a refresh token set on the session. Is there a setting in my Auth0 application (other than Refresh Token Rotation/Expiration) that I am missing?
At the moment, I am just using the middleware code from the example app (using App Router).
Also, see #498 (comment) (tl;dr we only recommend RT rotation for public clients, not in web apps, because it's difficult to handle concurrency with many servers)
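The concurrency problem mentioned in the last comment, as an added example that is not part of the thread or the SDK's code: a constructed in-memory server that rotates refresh tokens, two requests carrying the same session snapshot, and a per-process coalescer. `RotatingTokenServer`, `RefreshCoalescer` and `simulate` are hypothetical names, and the token values are constructed.

```javascript
// Constructed model of refresh token rotation: every refresh token is
// single-use. This is not Auth0's implementation.
class RotatingTokenServer {
  constructor() { this.valid = new Set(); this.counter = 0; }
  issue() {
    const n = ++this.counter;
    const refreshToken = `rt_${n}`; // constructed sample value
    this.valid.add(refreshToken);
    return { accessToken: `at_${n}`, refreshToken };
  }
  refresh(presented) {
    // A token that was already rotated is no longer known to the server.
    if (!this.valid.delete(presented)) {
      const err = new Error('Unknown or invalid refresh token.');
      err.code = 'invalid_grant';
      throw err;
    }
    return this.issue();
  }
}

// Hypothetical helper: the first caller presenting a token performs the
// exchange; later callers in the same process reuse that result. It also
// works when refreshFn returns a promise (the in-flight promise is shared).
// Real use would evict entries after a short TTL.
class RefreshCoalescer {
  constructor(refreshFn) { this.refreshFn = refreshFn; this.byToken = new Map(); }
  refresh(presented) {
    if (!this.byToken.has(presented)) {
      this.byToken.set(presented, this.refreshFn(presented));
    }
    return this.byToken.get(presented);
  }
}

// Two requests arrive with the same session snapshot (same refresh token).
function simulate(useCoalescer) {
  const server = new RotatingTokenServer();
  const session = server.issue(); // login
  const coalescer = new RefreshCoalescer((rt) => server.refresh(rt));
  const target = useCoalescer ? coalescer : server;
  return ['request A', 'request B'].map((name) => {
    try {
      return { name, refreshToken: target.refresh(session.refreshToken).refreshToken };
    } catch (e) {
      return { name, error: e.code };
    }
  });
}
console.log(simulate(false), simulate(true));
```

The coalescer only helps inside one process; with several servers the same guarantee needs a shared lock or store, which is the difficulty the comment refers to.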