Nextjs Sdk Successful Refresh Token exchange logs spammed

jbrewer · February 24, 2025, 3:55am

I am seeing the log Successful Refresh Token exchange after every request once the first access token is exchanged in my application. I currently have my refresh token expiration set to 10 hours and the access token set to expire every 2 hours. Everything works great until the access token expires and then the log is generated and I eventually hit an authentication rate limit. I am using Nextjs v^14 and Auth0 sdk v ^3 as well as a SAML connection and 2 post login actions. I have an access token check in my middleware and I also retrieve the access token on the nextjs server to pass to an external api.

import { NextResponse, type NextRequest } from "next/server";
import { AccessTokenError, getAccessToken, withMiddlewareAuthRequired } from "@auth0/nextjs-auth0/edge";

export default withMiddlewareAuthRequired(async function middleware(req: NextRequest) {
  const res = NextResponse.next();
  const requestPathName = req.nextUrl.href;
  const requestHeaders = new Headers(req.headers);
  requestHeaders.set("x-pathname", requestPathName);

  // If the user is logging out, we don't need to check for an access token
  // otherwise we will get in an infinite loop if the token was revoked
  if (req.nextUrl.pathname === "/api/auth/logout") {
    return NextResponse.next();
  }

  try {
    await getAccessToken(req, res);
  } catch (err) {
    if (err instanceof AccessTokenError) {
      console.log("error in access token", err);
      return NextResponse.redirect(new URL(`${process.env.APP_URL}/api/auth/logout`));
    }
    console.error("error in getAccessToken", err);

    /* Fallback: if you don't know how to handle the error */
    throw err;
  }

  return NextResponse.next({
    request: {
      headers: requestHeaders,
    },
  });
});

nik.baleca · February 24, 2025, 10:32pm

Hi @jbrewer

Thank you for posting on the community!

As far as I have checked in your tenant’s logs, indeed you seem to be receiving an You have reached the global limit for your account error which would indicate that you are passing the 300 requests/limit for the Authentication endpoints, as you might already know. Also, you might have passed the limit of the Management API of 2 requests/second (it does allow bursts of up to 10). I can see in your logs that sometimes your application does make between 10 and 70 requests for Successful Refresh Token exchange.

You can read more about this in our documentation about Rate Limits.

You might want to check how many of these requests are you actually making during a simple login and perhaps identify where the issue lies since your application might be caught in a loop where it keeps requesting new refresh tokens.

Otherwise, I would recommend to use the Discuss your needs button on your dashboard or open a support ticket regarding the matter since it might require an HAR file for us to analyze.

If you have any other questions, feel free to let me know!

Kind Regards,
Nik

system · March 10, 2025, 10:32pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to resolve: "The access token expired and a refresh token is not available." Get Help nextjs-auth0 , sdks-quickstarts	3	507	November 15, 2024
How implement refresh token flow in NextJS SDK Get Help classic-universal-login-experience , login-experience	1	727	March 18, 2025
NextJS-Auth0 Refresh Token setup Get Help sessions , rotating-refresh-tokens	3	2157	December 5, 2024
Access Token Expiration after 24 hours Get Help access-token , nextjs	4	4911	July 21, 2022
NextJS GetAccessToken() Always Returns Error "The access token expired and a refresh token is not available" Knowledge Articles access_token , nextjs , api-call	1	304	June 27, 2024

Nextjs Sdk Successful Refresh Token exchange logs spammed

Related topics