Setup
Hi there, I am currently developing a web application for our team’s project that is currently using Auth0 as the authentication system. Our technology stack includes: Next.js, React + TypeScript, and using Node.js’ Fastify as the backend API server.
We followed the quickstart guide that integrates Next.js (on Auth0’s Quickstart) and applied simple user credentials as the authentication layer for the first draft.
Questions
Is there a definitive guide to implementing Auth0 into Next.js 15.2.4 that will help us greatly develop this essential feature for the project?
Moreover, regarding user’s token and session/activity, I have the session settings:
- Maximum ID Token Lifetime: 1 hours (3600 seconds)
- Idle Refresh Token Lifetime and Maximum Refresh Token Lifetime are disabled.
- For Session Expiration (in Tenants’
Settings → Advanced- Session Policy is Non-persisten
- Idle Session Lifetime: 5 minutes
- Maximum Session Lifetime: 15 minutes
Do I need to implement any layer on the frontend (client-side) that will enact the session timeout accurately? Session lifetime is 10 minutes, but I do not see my session automatically expire and log me out. (FYI, I also implemented a simple layer on the middleware to check user Session with auth0.getSession()). There were some discussions on here that told us to implement environment variables (like these:
AUTH0_SESSION_ROLLING_DURATION = 60
AUTH0_SESSION_ABSOLUTE_DURATION = 60
AUTH0_SESSION_ROLLING = false
), but seems like that did not work as well.
I would appreciate for any help and be able to provide further context if needed.