Access Token Expiration after 24 hours

Hi,

I run a platform built with the NextJS SDK for Auth0.

We implement the simple /api/auth/me and api/auth/login etc. API routes to handle user authentication and use the useUser hook to detect the existence of a user session.

Our users are constantly complaining that they have to login every 24 hours, and it seems to be because the accessToken expires after 24 hours.

I was reading this issue:

And I was wondering if we had to do something like:

    await auth0.getAccessToken(request, response, { refresh: true });

To ensure that users can stay logged in for more than 24 hours. I’m not sure if we just missed something in our implementation or if something is broken.
Any help would be greatly appreciated!
-Will

2 Likes

Any progress on this @will3 ?

I have the same issue also. Very surprising. I thought the whole point of using Auth0 and their SDKs was to not have to deal with implementing my own refresh token logic.

I’m also being told that our Next.js API routes are submitting expired tokens to our backend :grinning:

1 Like

Set rolling duration to > 1 day

https://auth0.github.io/nextjs-auth0/interfaces/config.sessionconfig.html

We have it set to 14 days. It still doesn’t stop us sending expired access tokens.

It looks like we need to

  1. manually validate if the access token is expired

and
2. Provide a callback afterRefresh because getAccessToken is synchronous.
So then we need to add in extra logic that… I don’t even know.

We have to validate the access token but then if it’s invalid we have to except a callback… Odd way to code

Why doesn’t it do it silently in the background? Like I would configure Axios interceptors to refresh

1 Like

Just following up to see if there’s any progress on this. We’re running into exactly the same issue.