Hello,
I have two versions of the same endpoint one for the PagesRouter (I am currently using in the app) and one for the AppRouter. The endpoint contains only auth0.getAccessToken with refresh: true.
I have Test component where the endpoints are called.
When calling the AppRouter version (/api/app-refresh) it works as expected:
- Call /api/app-refresh
- The response contains in body expires_at and in the header there are set-cookie (__session__0=ABCD, __session__1=XYZ, __session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT, appSession=; Path=/; Max-Age=0)
- Then when calling the endpoint /auth/access-token. The request has headers __session__0=ABCD, __session__1=XYZ and the response contains the same expires_at value and also the token it self is same as the one loged in the endpoint
- I can repeat the process indefinitely and it works
But when calling the PagesRouter version (/api/pages-refresh):
- Call /api/pages-refresh
- The response contains in body expires_at but in the header there is only set-cookie appSession=; Path=/; Max-Age=0
- Then when calling the endpoint /auth/access-token the returned token does not match with the loged one in the endpoint and has different expires at
- When called again I get error “The access token has expired and there was an error while trying to refresh it.”
Code available in the forked repo at github: radimkafka/auth0-nextjs-samples/tree/getAccessToken
According to the exmaples page I think it should work the same. Am I doing something wrong, does it work as expected or is it a bug that should be fixed?