We use Apollo client in Server Components to make queries to our external (non Next.js) API and have to pass access token in ‘authorization’ header.
We use getAccessToken() function to get token (and refresh if needed). According to Auth0 documentation, refreshed tokens can’t be persisted in that case. It becomes crucial when token rotation enabled.
Are there any workaround or different approach to deal with it?
Hi @developers11,
According to the Next.js getAccessToken() API reference, it mentions:
You can’t write to the cookie in a React Server Component, so if the access token is refreshed, it won’t be persisted in the session.
However, using the Next.js App Router, you can handle token storage and persistence securely. For example, you can use API routes or middleware to manage access and refresh tokens, storing them in HTTP-only cookies or a secure server-side storage solution. This allows tokens to persist and refresh independently of React Server Components.
Thanks,
Rueben
1 Like