Automatic token endpoint refresh concurrently failing using Next.js proxy

Hey community,

We are using Auth0 in our Next.js application for authentication with our own custom API using access & refresh tokens.

We have the Auth0 session in an encrypted cookie client-side.
We are using a Next.js server-side proxy to add the access token to the Authorization header of the custom API call.

We are using `getAccessToken` from the nextjs-auth0 SDK. This function automatically calls the token endpoint to refresh the token when the access token has expired.

This in turn initiates the post-login action flow, where we have an action that does some extra login checks on our backend and updates user state.

When the user is browsing the page and the access token suddenly expires, and the user lands on a page that does 3 or 4 authenticated calls, the proxy does 3 or 4 token refreshes, which in turn execute our backend POST endpoint concurrently 3 or 4 times.

This gives race condition errors on our backend.
What is the appropriate way to solve this? Introduce overhead on the FE (proxy) or BE?

On the one hand, I believe it's normal that our backend errors on concurrent POST/PUTs to the same database entity.
On the other hand, I also think it's normal that the Auth0 Next.js proxy does multiple refreshes if it detects an expired access token.

Thanks for your input :)
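
One way to coalesce the concurrent refreshes described in the post, as an added example that is not part of the original post or of the nextjs-auth0 SDK: a per-session single-flight wrapper in the proxy. `createSingleFlight`, `refreshOnce`, `sessionKey` and the fake refresh function are hypothetical names, and the token values are constructed.

```javascript
// Added example: per-session single-flight for token refreshes in one proxy process.
// refreshFn is a hypothetical stand-in for the call that refreshes the token
// (for example a wrapper around the SDK's getAccessToken); it is not an SDK API.
function createSingleFlight(refreshFn) {
  const inFlight = new Map(); // sessionKey -> promise of the refresh under way

  return function refreshOnce(sessionKey) {
    const pending = inFlight.get(sessionKey);
    if (pending) return pending; // join the refresh that is already running

    // The executor runs synchronously, so the entry is registered before any
    // other request handler can run; a synchronous throw becomes a rejection.
    const p = new Promise((resolve) => resolve(refreshFn(sessionKey))).finally(() => {
      // Clear on success and on failure, so an error is never cached and the
      // next expiry triggers a fresh refresh.
      if (inFlight.get(sessionKey) === p) inFlight.delete(sessionKey);
    });
    inFlight.set(sessionKey, p);
    return p;
  };
}

// Constructed demo: four simultaneous API calls for one session whose access
// token has expired. The fake refresh counts how often "the token endpoint"
// (and therefore the post-login action) would have been hit.
async function demo() {
  let upstreamRefreshes = 0;
  const fakeRefresh = (sessionKey) => {
    const n = ++upstreamRefreshes;
    return new Promise((resolve) =>
      setTimeout(() => resolve(`constructed-token-${sessionKey}-${n}`), 20));
  };
  const refreshOnce = createSingleFlight(fakeRefresh);

  const tokens = await Promise.all([1, 2, 3, 4].map(() => refreshOnce("session-a")));
  return { upstreamRefreshes, distinctTokens: new Set(tokens).size };
}

demo().then((result) => console.log(result));
```

This only coalesces requests handled by the same Node.js process; with several proxy instances or serverless invocations, refreshes can still arrive concurrently, so the backend endpoint still needs to tolerate duplicate calls.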