This is a code snippet on my Nextjs project using nextauth to get new tokens followed this thread
async function refreshAccessToken(token: any) {
try {
const url =
`${process.env.AUTH0_ISSUER}/oauth/token?` +
new URLSearchParams({
client_id: process.env.AUTH0_CLIENT_ID || '',
client_secret: process.env.AUTH0_CLIENT_SECRET || '',
grant_type: 'refresh_token',
refresh_token: token.refreshToken,
scope: 'offline_access',
});
const response = await fetch(url, {
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
method: 'POST',
});
const refreshedTokens = await response.json();
if (!response.ok) {
throw refreshedTokens;
}
return {
...token,
accessToken: refreshedTokens.access_token,
accessTokenExpires: Date.now() + refreshedTokens.expires_in * 1000,
refreshToken: refreshedTokens.refresh_token ?? token.refreshToken, // Fall back to old refresh token
};
} catch (error) {
return {
...token,
error: 'RefreshAccessTokenError',
};
}
}
I kept getting { error: 'access_denied', error_description: 'Unauthorized' }
no matter how I changed Application Type
, Token Endpoint Authentication Method
or other settings.