Implements refresh token rotation


I want to implement Auth0 in my Next.js application with the official library, auth0/nextjs-auth0 (Next.js SDK for signing in with Auth0).

I followed the doc, implemented the plugin as recommended with the implementation of the handleAuth method in the nextjs api.

Authentication and logout work very well, I have access to my session, my accessToken, my refreshToken etc…

However, I can’t find anything about the refresh token implementation. How can I set up a clean token rotation? I didn’t find anything in the plugin doc to refetch my user and give him a token. Is it necessary to instantiate this rotation manually?

Thank you in advance for your feedback on this point

Hey there @mathieu2 welcome to the community!

Are you currently able to refresh the tokens, and you just aren’t seeing that rotation is taking place? If you haven’t already, you’ll need to configure refresh token rotation.

The following may be helpful as well:

I am able to retrieve my refresh token and my accessToken in the session of my associated user.

But how do I use the refreshToken to regenerate a token?

I was able to use the getAccessToken method, which returns a new token, but no new refreshToken (which is not usable at will).

Do we have to go through a manual validation with API calls to Auth0? Can’t it be managed by the framework?
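The following is an added example, not part of the thread and not code from the nextjs-auth0 SDK: it shows what a refresh exchange with rotation looks like at the OAuth 2.0 level and why the stored refresh token has to be replaced after each use. The mock endpoint, the client id and all token values are constructed, and the helper names are hypothetical.

```javascript
// Added example: helper names, client id and token values are constructed.
// Constructed stand-in for a token endpoint with rotation enabled:
// every refresh token is single-use and is replaced on each exchange.
function makeMockTokenEndpoint(initialRefreshToken) {
  const valid = new Set([initialRefreshToken]);
  let counter = 0;
  return function tokenEndpoint(form) {
    const p = new URLSearchParams(form);
    const rt = p.get('refresh_token');
    if (p.get('grant_type') !== 'refresh_token' || !valid.has(rt)) {
      return { status: 403, body: { error: 'invalid_grant' } };
    }
    valid.delete(rt); // the presented token is now spent
    counter += 1;
    const next = `rt-${counter}`;
    valid.add(next);
    return { status: 200, body: { access_token: `at-${counter}`, refresh_token: next, expires_in: 3600 } };
  };
}

// Form body of an OAuth 2.0 refresh grant (RFC 6749, section 6).
// A confidential client would also authenticate (for example with client_secret).
function buildRefreshRequest(session, clientId) {
  return new URLSearchParams({
    grant_type: 'refresh_token',
    client_id: clientId,
    refresh_token: session.refreshToken,
  }).toString();
}

// Merge the token response into the stored session. If the response carries a
// new refresh_token it replaces the old one; if it omits it, the old one is kept.
function applyTokenResponse(session, res, nowSec) {
  if (res.status !== 200) {
    throw new Error(`refresh failed: ${res.body.error}`);
  }
  return {
    ...session,
    accessToken: res.body.access_token,
    accessTokenExpiresAt: nowSec + res.body.expires_in,
    refreshToken: res.body.refresh_token || session.refreshToken,
  };
}

function refreshSession(session, endpoint, clientId, nowSec) {
  return applyTokenResponse(session, endpoint(buildRefreshRequest(session, clientId)), nowSec);
}
```

Replaying an already-used refresh token against the mock endpoint is rejected with `invalid_grant`, which is why the session must be saved with the new token after every successful refresh.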