Hello,
I am using the nextjs-auth0 library to authenticate users in my app. I need refresh tokens for my Auth0 Application, however I am not getting them. I have included my `initAuth0` below, which includes the scopes etc. I need back. I have confirmed that my application has a grant type of “Refresh Token” enabled, and that absolute expiration is enabled.
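`utils/auth_utils.ts`:

```ts
import { initAuth0 } from "@auth0/nextjs-auth0";

// Shared SDK instance; every value is read from environment variables.
export const auth0 = initAuth0({
  baseURL:
    process.env.AUTH0_BASE_URL ||
    "https://" + process.env.NEXT_PUBLIC_VERCEL_URL,
  issuerBaseURL: process.env.AUTH0_ISSUER_BASE_URL,
  clientID: process.env.AUTH0_CLIENT_ID,
  clientSecret: process.env.AUTH0_CLIENT_SECRET,
  secret: process.env.AUTH0_SECRET,
  authorizationParams: {
    response_type: "code",
    // offline_access is the scope that requests a refresh token
    scope: "openid profile email offline_access",
  },
  session: {
    rolling: true,
    rollingDuration: 60 * 60 * 24, // 1 day, in seconds
    absoluteDuration: 60 * 60 * 24 * 7, // 7 days, in seconds
  },
});
```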
The response I get back has the lines:

```
accessTokenExpiresAt: 1699484513,
refreshToken: undefined,
```

When I change the scopes in the above code, for example removing `profile`, it is changed in the returned session.
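The way I am checking for the session is:

```ts
import type { NextApiRequest, NextApiResponse } from "next";
import type { Session } from "@auth0/nextjs-auth0";

// `auth0` is the initAuth0 instance defined in utils/auth_utils.ts.

// Runs after the code exchange; receives the session built from the token response.
const afterCallback = (
  req: NextApiRequest,
  res: NextApiResponse,
  session: Session,
) => {
  // Debug output: the logged session object includes the tokens.
  console.log(session);
  return session;
};

export default auth0.handleAuth({
  async callback(req: NextApiRequest, res: NextApiResponse) {
    try {
      await auth0.handleCallback(req, res, { afterCallback });
    } catch (error: unknown) {
      // Return the SDK's status and message to the client on failure.
      const err = error as { status?: number; message?: string };
      res.status(err.status || 500).end(err.message);
    }
  },
});
```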
Any guidance would be much appreciated!