Refresh Token Rotation with @auth0/nextjs-auth0 SDK

sofiyev.external · June 1, 2022, 2:49pm

Hello,

I’m using @auth0/nextjs-auth0 SDK in my Next.JS application and trying to enable refresh token rotation.

I enabled Refresh Token Rotation on the Settings page. (Reuse Interval is 0 second)
offline_access added to my AUTH0_SCOPE environment variable

But when I revoke the refresh token from the user, I assume my current user will be logout. But it’s not happening like that and users can continue using the application without error.

Can someone help me figure out what you’re doing wrong?

Which SDK this is regarding: @auth0/nextjs-auth0
SDK Version: 1.9.0

dan.woda · June 10, 2022, 4:03pm

Hi @sofiyev.external,

Welcome to the Auth0 Community!

I understand you are having trouble terminating the user session.

I suspect the user still has a valid access token, as they cannot be revoked after being issued.

You should be able to inspect the request to see exactly what is being sent with the request by using the Chrome DevTools “Network” tab. I would be happy to take a look if you could DM me a HAR file.

Topic		Replies	Views
Implements refresh token rotation Help login-experience , new-universal-login-experience	3	1147	December 22, 2023
NextJS-Auth0 Refresh Token setup Help sessions , rotating-refresh-tokens	1	2003	September 26, 2024
Unknown or invalid refresh token when session expires Help auth0 , refresh-tokens , refresh_token , nextjs , refresh-token-rotate	1	2374	September 24, 2022
Cannot turn off refresh tokens while using nextjs-auth0 Help refresh-token , session , nextjs	0	4765	December 12, 2020
How do we ensure a session is still valid on refresh with NextJS app folder? Help logout , sessions	4	2955	September 26, 2024

Refresh Token Rotation with @auth0/nextjs-auth0 SDK

Related Topics