Latest NextJS 14, getSession() or getAccessToken() is causing re-rendering the entire page in server-actions

The entire NextJS calling page is getting re-rendered if we add getSession() or getAccessToken() in the server action method to retrieve access-token for calling external service.

"use server"

import { ServerActionResponse } from "@/types";
import { getAccessToken, getSession } from "@auth0/nextjs-auth0";

export const someAction = async (param: string): Promise<ServerActionResponse<Boolean>> => {
  console.debug('....... Inside server action.... someAction() .........')
  try {
    const session = await getSession();
    console.log('session:', session);

    const { accessToken } = await getAccessToken();
    console.log('accessToken:', accessToken);

    const response = await fetch(`External API call`, {
      method: 'POST',
      headers: {
        Authorization: 'Bearer ' + accessToken,
        'Content-Type': 'application/json',
      body: JSON.stringify({}),
    console.debug('External API Response Data:', response);
    return {
      status: '200',
      data: await response.json(),
  } catch({code, message}: any) {
    return {
      status: code,
      error: message

If we don’t use these two ’ getSession ()orgetAccessToken()fromnextjs-auth0` library, the system is behaving as expected without the page re-rendering.

I’ve tested the working in RouteHandlers as well. In the routeHandler also the getSession() and getAccessToken() are behaving in the same way, however, if we pass req and res then working fine.

// route.ts

getSession(req, resp)
getAccessToken(req, resp)

behaves correctly


// routes.ts


Rerenders the entire page.

Please help me if I’m doing something wrong here.


I’ve actually noticed the exact same thing.

It was a bit of a roundabout way to get there, but I noticed that data was automatically showing up without me revalidating any paths. Eventually, I narrowed it down to the call to get the access token causing everything from the RootLayout downwards to be rerendered.

Is there an approach to getting the access token that avoids this, or is it expected? I’m also curious.

I’m facing this same issue too

Same issue here, did anyone find some solution?