Hi, I am working on an app with Next.js and Auth0. I want to know how refresh tokens work; the official docs are not clear and don't provide code examples.
I am following the basic instructions, which are to enable refresh tokens in the auth dashboard and add offline_access to the login scope, but I don't know what more to do.
Currently the middleware looks like this, but the validation is not working correctly because after 24 hours (1 day) the access token expires.
The refresh tokens should be handled by the SDK as long as you have them configured in your application.
To read more about using refresh tokens with the middleware, I would recommend reviewing the examples document available on the GitHub page, since it states that:
The request and response objects must be passed as parameters to the getAccessToken(request, response) method when called from a middleware to ensure that the refreshed access token can be accessed within the same request.
If you are using the Pages Router and are calling the getAccessToken method in both the middleware and an API Route or getServerSideProps, it’s recommended to propagate the headers from the middleware, as shown below. This will ensure that calling getAccessToken in the API Route or getServerSideProps will not result in the access token being refreshed again.
If you have any other questions, feel free to leave a reply or post again on the community!
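The behaviour described in the reply above can be seen in a small JavaScript model, added here as an illustration and not taken from the thread, the SDK or Auth0. It shows why the response object is passed in the middleware, why the refreshed session is propagated to the API route, and what happens after expiry when the session holds no refresh token. All names (`modelGetAccessToken`, `tokenEndpoint`, `handleRequest`) and the sample sessions are constructed assumptions.

```javascript
// Constructed model for illustration; none of these names are the SDK's API.
const DAY_MS = 24 * 60 * 60 * 1000;

// Stand-in token endpoint that counts refresh-token grants.
const tokenEndpoint = {
  grants: 0,
  refresh(refreshToken) {
    this.grants += 1;
    return { accessToken: `at-${this.grants}`, refreshToken, expiresAt: Date.now() + DAY_MS };
  },
};

// Hypothetical equivalent of getAccessToken(request, response): read the session
// cookie, refresh when expired, write the new session to `response` if given.
function modelGetAccessToken(request, response) {
  let session = JSON.parse(request.headers.cookie);
  if (session.expiresAt <= Date.now()) {
    if (!session.refreshToken) {
      throw new Error("access token expired and the session holds no refresh token");
    }
    session = tokenEndpoint.refresh(session.refreshToken);
    if (response) response.headers["set-cookie"] = JSON.stringify(session);
  }
  return session.accessToken;
}

// One request passing through the middleware and then an API route.
function handleRequest(cookie, { passResponse, propagate }) {
  tokenEndpoint.grants = 0;
  const request = { headers: { cookie } };
  const response = { headers: {} };
  const fromMiddleware = modelGetAccessToken(request, passResponse ? response : undefined);
  // With propagation the route reads the refreshed session, not the stale cookie.
  const refreshed = propagate ? response.headers["set-cookie"] : undefined;
  const routeRequest = { headers: { cookie: refreshed || cookie } };
  const fromRoute = modelGetAccessToken(routeRequest, response);
  return { fromMiddleware, fromRoute, grants: tokenEndpoint.grants };
}

// Constructed sample sessions: both access tokens expired one second ago.
const expired = { accessToken: "at-0", expiresAt: Date.now() - 1000 };
const withRefresh = JSON.stringify({ ...expired, refreshToken: "rt-sample" });
const withoutRefresh = JSON.stringify(expired); // offline_access was not granted

console.log(handleRequest(withRefresh, { passResponse: true, propagate: true }));
console.log(handleRequest(withRefresh, { passResponse: false, propagate: false }));
```

In the second call the middleware's refreshed token is never written back, so the route performs a second refresh grant within the same request.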