Refresh Token Rotation with @auth0/nextjs-auth0 SDK

Hello,

I’m using the @auth0/nextjs-auth0 SDK in my Next.js application and am trying to enable refresh token rotation.

  1. I enabled Refresh Token Rotation on the Settings page. (Reuse Interval is 0 seconds)
  2. offline_access added to my AUTH0_SCOPE environment variable

But when I revoke the refresh token from the user, I assume my current user will be logged out. But it’s not happening like that, and users can continue using the application without error.

Can someone help me figure out what I’m doing wrong?

  • Which SDK this is regarding: @auth0/nextjs-auth0
  • SDK Version: 1.9.0

Hi @sofiyev.external,

Welcome to the Auth0 Community!

I understand you are having trouble terminating the user session.

I suspect the user still has a valid access token, as they cannot be revoked after being issued.

You should be able to inspect the request to see exactly what is being sent with the request by using the Chrome DevTools “Network” tab. I would be happy to take a look if you could DM me a HAR file.
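
The behaviour suspected in the reply above, as an added example that is not part of the original thread and not Auth0's or the SDK's code: a simplified model in which access tokens are checked only against their expiry while refresh tokens are server-side state. The 600-second lifetime, the class and function names, and the user id are assumptions made for illustration.

```javascript
// Simplified model (constructed for illustration): stateless access tokens,
// stateful refresh tokens. Signature checks are omitted; times are in seconds.
const ACCESS_TTL = 600; // assumed access-token lifetime

class AuthServer {
  constructor() { this.refreshTokens = new Map(); this.counter = 0; }

  // Issue an access token plus a fresh refresh token.
  issue(sub, now) {
    const refreshToken = `rt-${++this.counter}`;
    this.refreshTokens.set(refreshToken, sub);
    return { accessToken: { sub, exp: now + ACCESS_TTL }, refreshToken };
  }

  // Rotation: each refresh token is single use and is replaced on exchange.
  refresh(refreshToken, now) {
    const sub = this.refreshTokens.get(refreshToken);
    if (sub === undefined) throw new Error("invalid_grant");
    this.refreshTokens.delete(refreshToken);
    return this.issue(sub, now);
  }

  // Revocation removes server-side state only; issued access tokens are untouched.
  revokeAll(sub) {
    for (const [rt, owner] of this.refreshTokens) {
      if (owner === sub) this.refreshTokens.delete(rt);
    }
  }
}

// The API never contacts the auth server: it accepts the token until exp.
function apiAccepts(accessToken, now) {
  return now < accessToken.exp;
}

// Log in at t=0, optionally revoke right away, then call the API at each given time.
function timeline(callTimes, revoke) {
  const server = new AuthServer();
  let tokens = server.issue("user-1", 0);
  if (revoke) server.revokeAll("user-1");
  return callTimes.map((now) => {
    if (apiAccepts(tokens.accessToken, now)) return "ok";
    try {
      tokens = server.refresh(tokens.refreshToken, now);
      return "refreshed";
    } catch (err) {
      return err.message; // revocation becomes visible only at refresh time
    }
  });
}
```

In this model the revoked user keeps API access for the remaining lifetime of the access token, and the revocation only shows up when the client next tries to exchange the refresh token.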