I am seeing the log "Successful Refresh Token exchange" after every request once the first access token has been exchanged in my application. I currently have my refresh token expiration set to 10 hours and the access token set to expire every 2 hours. Everything works great until the access token expires; from then on the log is generated on every request, and I eventually hit an authentication rate limit. I am using Nextjs v^14 and the Auth0 SDK v^3, as well as a SAML connection and 2 post-login actions. I have an access token check in my middleware, and I also retrieve the access token on the Next.js server to pass to an external API.
import { NextResponse, type NextRequest } from "next/server";
import { AccessTokenError, getAccessToken, withMiddlewareAuthRequired } from "@auth0/nextjs-auth0/edge";
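/**
 * Edge middleware: requires an Auth0 session, makes sure an access token can
 * be obtained for it, and forwards the request URL to the application in an
 * `x-pathname` request header.
 *
 * The response object handed to `getAccessToken` is the one that must be
 * returned. When the access token has expired the SDK performs a refresh-token
 * exchange and records the updated session on that response; returning a
 * different `NextResponse` discards the update, so the browser keeps the stale
 * session and every later request triggers another exchange until the tenant's
 * authentication rate limit is hit.
 *
 * @param req - Incoming request seen by the middleware.
 * @returns The pass-through response carrying any session update, or a
 *          redirect to the logout route when no access token can be obtained.
 * @throws Re-throws any error from `getAccessToken` that is not an
 *         `AccessTokenError`.
 */
export default withMiddlewareAuthRequired(async function middleware(req: NextRequest) {
  // If the user is logging out, we don't need to check for an access token;
  // otherwise we would loop forever when the token was revoked.
  if (req.nextUrl.pathname === "/api/auth/logout") {
    return NextResponse.next();
  }

  const requestHeaders = new Headers(req.headers);
  // NOTE(review): despite the header name this is the full URL (`href`),
  // query string included. Confirm downstream consumers expect that and do not
  // log it if query parameters can carry sensitive values.
  requestHeaders.set("x-pathname", req.nextUrl.href);

  // Build the single response up front so it carries both the forwarded
  // request headers and whatever session cookie the SDK sets on it below.
  const res = NextResponse.next({
    request: {
      headers: requestHeaders,
    },
  });

  try {
    await getAccessToken(req, res);
  } catch (err) {
    if (err instanceof AccessTokenError) {
      // NOTE(review): the whole error object is logged; confirm it never
      // includes token material before these logs leave the server.
      console.log("error in access token", err);
      // The session cannot yield a token any more: send the user to logout.
      // NOTE(review): `new URL` throws if APP_URL is unset, since the template
      // then produces a relative string. Confirm it is always configured.
      return NextResponse.redirect(new URL(`${process.env.APP_URL}/api/auth/logout`));
    }
    console.error("error in getAccessToken", err);
    /* Fallback: if you don't know how to handle the error */
    throw err;
  }

  // Return the same response that was passed to getAccessToken so the
  // refreshed session is persisted to the browser.
  return res;
});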