For some reason, when we call getSession(), we do not see the app_metadata in the session.user object. How do we get this information to show up in all calls to getSession() and useUser()?
Could you clarify if you are updating the user during an active user session? If so, you might need the user to reauthenticate or use silent authentication to see the updated data.
Additionally, you might need to create a post-login action script to append the app_metadata to either the access or ID token and then decode it to read that information.
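A sketch of the post-login Action suggested above, as an added example that is not part of the original thread and not Auth0's or the poster's own code. The claim namespace and the allowlisted `app_metadata` keys are assumptions; the allowlist is there because ID token claims are readable by the client, so only the keys the app needs in `session.user` should be copied.

```javascript
// Added example: Auth0 post-login Action (Actions run on Node.js).
// Assumptions: NAMESPACE and ALLOWED_KEYS are hypothetical placeholders.
const NAMESPACE = "https://example.com/claims"; // placeholder claim namespace
const ALLOWED_KEYS = ["db_user_id", "roles"]; // hypothetical app_metadata keys

// Return only allowlisted app_metadata entries, keyed by namespaced claim name.
// Anything else stored in app_metadata stays out of the token.
function pickClaims(appMetadata) {
  const claims = {};
  if (appMetadata === null || typeof appMetadata !== "object") return claims;
  for (const key of ALLOWED_KEYS) {
    const present = Object.prototype.hasOwnProperty.call(appMetadata, key);
    if (present && appMetadata[key] !== undefined) {
      claims[`${NAMESPACE}/${key}`] = appMetadata[key];
    }
  }
  return claims;
}

// Entry point Auth0 invokes after each login, including silent ones.
// The claims reflect app_metadata as it was when the token was issued.
async function onExecutePostLogin(event, api) {
  const claims = pickClaims(event.user.app_metadata);
  for (const [name, value] of Object.entries(claims)) {
    api.idToken.setCustomClaim(name, value);
  }
}

// Actions load the handler from CommonJS exports.
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```

With this in place, the allowlisted values appear under their namespaced keys wherever the ID token claims are read, and metadata changed after login only shows up once a new token is issued.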
Adding the post-login script worked mostly. Yes, we are trying to update an active session. The user gets logged in, and then we update their metadata. Then, in other parts of the app, for example trpc context, getSession() is called to grab information. After handleCallback is called, we get or create a user in our db, and then we set the app_metadata to store further ids for the user, for example, RBAC settings.
```typescript
import { handleAuth, handleCallback, getSession } from "@auth0/nextjs-auth0";
import { NextRequest, NextResponse } from "next/server";
// handleGetOrCreateUser is the app's own helper; its import is not shown in the post.

export const GET = handleAuth({
  callback: async (req: NextRequest, ctx: { params: Record<string, string | string[]> }) => {
    try {
      const res = await handleCallback(req, ctx);
      console.log(">>> res in callback", res);
      const session = await getSession(req, res);
      if (!session) {
        console.error("No session found");
        return NextResponse.redirect(`${process.env.AUTH0_BASE_URL}/error`);
      }
      console.log(">>> session in callback", session.user.sub);
      const updatedSession = await handleGetOrCreateUser(session);
      // Check the result before reading from it
      if (!updatedSession) {
        console.error("Session update failed");
        return NextResponse.redirect(`${process.env.AUTH0_BASE_URL}/error`);
      }
      console.log(">>> updated session after handling our ■■■■", updatedSession.user.sub);
      const returnTo = `${process.env.AUTH0_BASE_URL}/dashboard/home`;
      // Create a new response with the redirect
      const redirectResponse = NextResponse.redirect(returnTo);
      // Copy all cookies from the original response to the new response
      res.headers.getSetCookie().forEach(cookie => {
        redirectResponse.headers.append('Set-Cookie', cookie);
      });
      // Add a flag to indicate that this is a post-login redirect
      redirectResponse.headers.set('X-Auth-Return-Redirect', '1');
      return redirectResponse;
    } catch (error) {
      console.error("Error in callback handler:", error);
      return NextResponse.redirect(`${process.env.AUTH0_BASE_URL}/error`);
    }
  },
});
```
Sure! Silent authentication is a process that re-authenticates the user without user interaction as long as there is an active session. To do so, you would include the prompt=none as an authorization parameter in your login request.