How to refresh an access token in a Next.js application?

will.dev8787 · January 4, 2022, 5:20pm

Found this question which asks about exactly the same problem:

user logs in (frontend application gets an access_token);
user updates its profile, frontend sends information to the backend, backend calls the Management API
user’s access_token is now out of date on the frontend;
we want it to be up to date;

read this tutorial - mentions that refresh_token exists but doesn’t show how to implement them.
read this tutorial - it says that SPA applications should use the ** Authorization Code Flow with Proof Key for Code Exchange (PKCE)** along with Refresh Token Rotation
read this and configured the refresh token rotation in my application;
read this to understand and implement Authorization Code Flow with PKCE - and this content led me to look for tutorials for SPA applications;
read this and this is where it really frustrated me. There is no example of how to do the refresh token rotation along with the Authorization Code Flow with PKCE in these quickstarts.

Watched the videos in Auth0’s YouTube channel and re-read the Next.js tutorial a few times.

Can someone, please tell me. In a Next.js application, how do I refresh my user’s access_token to reflect the latest information on his profile without asking him to login again?

rueben.tiow · January 4, 2022, 9:20pm

Hi @will.dev8787,

Welcome to the Auth0 Community!

First, I would like to clarify that the Auth0 Next.js SDK is a Regular Web App instead of a Single Page Application (SPA).

With that said, you will still want to use the refresh_token to refresh the access token of the user. To do so, you will need to specify the scope=offline_access in the /authorize request to Get Refresh Tokens.

https://YOUR_DOMAIN/authorize?
    audience=API_AUDIENCE&
    scope=offline_access&
    response_type=code&
    client_id=YOUR_CLIENT_ID&
    redirect_uri=https://YOUR_APP/callback&
    state=OPAQUE_VALUE

After this is complete, you can use that refresh token to get a new access token.

Please let me know if you have any further questions.

Thank you.

system · January 19, 2022, 9:21pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.