How to use the refresh token with @auth0/nextjs-auth0

me1k · February 6, 2024, 11:40am

Hi there,

basically my question is, how to use the refresh_token with the @auth0/nextjs-auth0 sdk?

Do i need to implement a whole new request like in this documentation:

Use Refresh Tokens ? Or is there a function withing the sdk?

tyf · February 6, 2024, 5:26pm

Hey @me1k !

You can get/use refresh tokens using the SDK directly (plus a couple tenant settings) - Please see here:

github.com

auth0/nextjs-auth0/blob/main/EXAMPLES.md#getting-a-refresh-token

# Examples

- [Create your own instance of the SDK](#create-your-own-instance-of-the-sdk)
- [Customize handlers behavior](#customize-handlers-behavior)
- [Use custom auth urls](#use-custom-auth-urls)
- [Protecting a Server-Side Rendered (SSR) Page](#protecting-a-server-side-rendered-ssr-page)
- [Protecting a Client-Side Rendered (CSR) Page](#protecting-a-client-side-rendered-csr-page)
- [Protect an API Route](#protect-an-api-route)
- [Protecting pages with Middleware](#protecting-pages-with-middleware)
- [Access an External API from an API Route](#access-an-external-api-from-an-api-route)
- [Add a signup handler](#add-a-signup-handler)
- [Use with Base Path and Internationalized Routing](#use-with-base-path-and-internationalized-routing)
- [Use a custom session store](#use-a-custom-session-store)
- [Back-Channel Logout](#back-channel-logout)

See also the [example app](./example-app).

### Create your own instance of the SDK

When you use the named exports, the SDK creates an instance of the SDK for you and configures it with the provided environment variables.

This file has been truncated. show original

me1k · February 6, 2024, 6:43pm

Hmm and what bulletpoint do you refer to exactly? I guess Create your own instance of the SDK ?

tyf · February 6, 2024, 6:52pm

The link should point to getting a refresh token.

me1k · February 6, 2024, 7:07pm

But then i dont understand it. I already get a refresh token. But i wondered, if there is a built in way of the SDK to use the refresh token, to get a new access token/token id

tyf · February 6, 2024, 7:37pm

Ahh gotcha - Assuming you’ve configured your application and dashboard correctly (outlined in the steps linked) the SDK should handle refreshing the token for you.

me1k · February 7, 2024, 6:47am

But i somehow need to know this in the Frontend, right? So i after my first login i request an accessToken/idToken and after 5mins i want fetch a new token with my refreshToken … and i wonder, if there is a built in way from the SDK or if i need to handle this on my own.

Because here it says, i need to do a extra request on my own to get a new token:
https://auth0.com/docs/secure/tokens/refresh-tokens/use-refresh-tokens

tyf · February 12, 2024, 11:44pm

Hey @me1k sorry for the delayed response here - According to the docs here specifically for withApiAuthRequired calling getAccessToken will result in a refreshed access token if it’s expired and assuming you have a valid refresh token.

momar.hughes · February 14, 2024, 7:31am

does the getSession function refresh the access token or is it only the getAccessToken that does that?

tyf · February 15, 2024, 4:15pm

Only getAccessToken will renew tokens with a valid refresh token.

system · March 18, 2024, 10:42pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.