Password expiry using 'Password Rotation' plugin nextjs context, better approach?

Hi folks,

Following this link, ‘Force a Password Reset after a Specific Number of Days’, I’ve ‘successfully’ implemented a solution in NextJS v14 with Typescript, but it feels a bit hacky, so wondering if anyone else has used the ‘Password Rotation’ plugin with NextJS v14+ differently and successfully?

Here, for reference, is a stripped down version of my app/api/auth/[auth0]/route.ts file

```typescript
import {
  CallbackHandlerError,
  CallbackOptions,
  handleAuth,
  handleCallback,
  IdentityProviderError,
  Session,
} from '@auth0/nextjs-auth0';
import { NextApiRequest, NextApiResponse } from 'next';
import { NextResponse } from 'next/server';

export const GET = handleAuth({
  callback: async (req: NextApiRequest, res: NextApiResponse) => {
    // This try/catch code is needed to support the auth0 'password rotation' plugin.
    // The plugin can be found in auth0 Actions -> Triggers -> Post Login.
    // The plugin throws an error if password has expired which we then need to catch.
    try {
      const callbackOptions = {
        afterCallback(req2: NextApiRequest, session: Session) {
          return session;
        },
      } as unknown as CallbackOptions;

      const resp = await handleCallback(req, res, callbackOptions);

      return resp;
    } catch (error: any) {
      const cbErr = error as unknown as CallbackHandlerError;
      const cbErrCause = cbErr.cause as unknown as IdentityProviderError;

      // x-forwarded-* values are only trustworthy when set by your own proxy/platform.
      const headers = req.headers as unknown as Headers;
      const redirectRootUrl = `${headers.get('x-forwarded-proto') || ''}://${headers.get('x-forwarded-host')}`;

      // URLSearchParams URL-encodes the values, which contain spaces and
      // could otherwise inject extra query parameters via '&' or '='.
      const redirectErrorParams = new URLSearchParams();

      // the 'access_denied' and 'password has expired' values relate to the
      // Password Rotation plugin (see above)
      if (
        cbErr.status === 400 &&
        cbErr.code === 'ERR_CALLBACK_HANDLER_FAILURE' &&
        cbErrCause?.error === 'access_denied' &&
        cbErrCause?.errorDescription === 'password has expired'
      ) {
        redirectErrorParams.set('error', cbErrCause.error);
        redirectErrorParams.set('error_description', cbErrCause.errorDescription);
      } else {
        redirectErrorParams.set('error', cbErr.name);
        redirectErrorParams.set('error_description', cbErr.message);
      }
      return NextResponse.redirect(
        `${redirectRootUrl}/error?${redirectErrorParams.toString()}`
      );
    }
  },
});
```

Note that in my NextJS app, I have a route /error which handles the redirect with the parameters referenced above.

So has anyone else used this plugin, particularly with NextJS v14+ and Typescript, and if so, what approach did you take?

Thank you in advance,

Noel

Hi @noelt.dolan,

Using the Password Rotation action integration is the recommended way to enforce a password change for your end users after X number of days.

In the context of Next.js, this is valid and should work with any of our SDKs.

Was there anything specific that you were encountering issues with?

Thanks,
Rueben
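
An added example, not part of the original posts or of the Auth0 SDK: a helper for the catch branch of the callback handler in the first post that takes the redirect origin from `x-forwarded-host` only when it is on an allowlist, and puts fixed, URL-encoded strings in the query instead of reflecting the error message. `ALLOWED_HOSTS`, `FALLBACK_ORIGIN`, the `login_failed` code and the helper names are assumptions for illustration.

```typescript
// Added example: hosts, fallback origin and messages are constructed values.
const ALLOWED_HOSTS = new Set(['app.example.com', 'localhost:3000']);
const FALLBACK_ORIGIN = 'https://app.example.com';

// Minimal structural types so the helper runs without Next.js or the SDK.
type HeaderReader = { get(name: string): string | null };
type CallbackFailure = {
  status?: number;
  code?: string;
  cause?: { error?: string; errorDescription?: string };
};

// True only for the exact error shape the post matches on.
function isPasswordExpired(err: CallbackFailure): boolean {
  return (
    err.status === 400 &&
    err.code === 'ERR_CALLBACK_HANDLER_FAILURE' &&
    err.cause?.error === 'access_denied' &&
    err.cause?.errorDescription === 'password has expired'
  );
}

// Use the forwarded host only if it is on the allowlist; otherwise fall back.
function resolveOrigin(headers: HeaderReader): string {
  const host = (headers.get('x-forwarded-host') ?? '').toLowerCase();
  if (!ALLOWED_HOSTS.has(host)) return FALLBACK_ORIGIN;
  const proto = headers.get('x-forwarded-proto') === 'http' ? 'http' : 'https';
  return `${proto}://${host}`;
}

// Build the /error redirect from fixed strings; URL encodes the values.
function buildErrorRedirect(headers: HeaderReader, err: CallbackFailure): string {
  const url = new URL('/error', resolveOrigin(headers));
  if (isPasswordExpired(err)) {
    url.searchParams.set('error', 'access_denied');
    url.searchParams.set('error_description', 'password has expired');
  } else {
    // Never reflect err.message: it can carry provider or attacker text.
    url.searchParams.set('error', 'login_failed');
    url.searchParams.set('error_description', 'Login could not be completed');
  }
  return url.toString();
}
```

In the route handler this would be called as `NextResponse.redirect(buildErrorRedirect(req.headers, cbErr))`, with the raw error logged server-side rather than sent to the browser.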
