Hi!
I’m using Auth0 with refresh tokens to get new access tokens. Refreshing the token seems to work, but the problem comes when multiple requests are performed to the API of NextJS.
The refresh tokens are configured to have rotation, so they can be used only once.
It seems that at the exact moment that all the requests are performed, the session storage is read, and not in the getSession function from Auth0, which uses some kind of session cache:
    export default function sessionFactory(sessionCache: SessionCache): GetSession {
      return (req, res) => {
        assertReqRes(req, res);
        return sessionCache.get(req, res);
      };
    }
That leads to a problem where, once the access token is expired and it is necessary to refresh it, only one request to the API can refresh it because the rest of the requests have an obsolete refresh token and access token, even when the first call tries to update it.
In other words, all the requests have been done in less than 10 milliseconds, reading all the session information before it is updated with the refresh token. So, when all the requests analyze the access token expiration time, it is still expired because it is the old one.
Does anyone know how I can force nextjs-auth0 to update the session information along with the refresh token already updated, so all the requests share the same information?
Thanks!!
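
The race described in this post, reproduced as an added example that is not part of the original post and is not nextjs-auth0 code: concurrent requests each present the same single-use refresh token, next to a single-flight variant in which they share one refresh. The in-memory store, the simulated authorization server and every function name here are hypothetical.

```javascript
// Constructed simulation. Assumptions: one Node.js process, an in-memory session
// store, and hypothetical helper names (this is not the nextjs-auth0 API).

// Authorization server with refresh token rotation: each token is single-use.
function makeAuthServer() {
  let valid = 'rt-0', issued = 0, rejected = 0;
  return {
    async refresh(refreshToken) {
      await new Promise(resolve => setTimeout(resolve, 5)); // simulated network latency
      if (refreshToken !== valid) { rejected++; throw new Error('invalid_grant'); }
      issued++;
      valid = `rt-${issued}`; // rotation: the presented token is now dead
      return { accessToken: `at-${issued}`, refreshToken: valid, expiresAt: Date.now() + 60000 };
    },
    stats: () => ({ issued, rejected }),
  };
}

// Behaviour described in the post: every request reads the session before any
// refresh has completed, so each one presents the same (single-use) refresh token.
async function naiveGetToken(store, server) {
  const session = store.session;
  if (session.expiresAt > Date.now()) return session.accessToken;
  store.session = await server.refresh(session.refreshToken);
  return store.session.accessToken;
}

// Single-flight: the first request that sees an expired token starts the refresh;
// concurrent requests await that same promise instead of reusing the old token.
function singleFlightGetToken(store, server) {
  const session = store.session;
  if (session.expiresAt > Date.now()) return Promise.resolve(session.accessToken);
  if (!store.pending) {
    store.pending = server.refresh(session.refreshToken)
      .then(next => { store.session = next; return next.accessToken; })
      .finally(() => { store.pending = null; }); // allow a later refresh or a retry
  }
  return store.pending;
}

// Fire `concurrency` requests at once against an expired session and count outcomes.
async function simulate(getToken, concurrency = 5) {
  const server = makeAuthServer();
  const store = { session: { accessToken: 'at-0', refreshToken: 'rt-0', expiresAt: 0 }, pending: null };
  const results = await Promise.allSettled(
    Array.from({ length: concurrency }, () => getToken(store, server)));
  return { ok: results.filter(r => r.status === 'fulfilled').length, ...server.stats() };
}

simulate(naiveGetToken).then(r => console.log('naive', r));
simulate(singleFlightGetToken).then(r => console.log('single-flight', r));
```

The shared promise only coordinates requests handled by the same process; requests spread over several processes or serverless instances would need a shared store or lock to get the same effect.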