Last Updated: Sep 24, 2024
Overview
This article is specific to using Auth0 with the library nextjs-auth0.
Per the documentation below, there are multiple sessions to consider:
- Session A: a session with Auth0, configured with Configure Session Lifetime Settings.
- Session B: a session with the Next.js API.
Based on the above, if the “Inactivity timeout” at the tenant level is set to 10 minutes for session A in the Auth0 dashboard, then a user should be prompted to log in after being inactive for 10 minutes. However, it appears that the Next.js session (session B) is still valid. How can both sessions be synced, meaning the application’s session is configured for the same duration as the tenant-level session?
Applies To
- Sync Session
- Next.js
Cause
There is no built-in handler for this use case in the Next.js SDK; however, silent authentication can be configured.
Solution
Please see this example of how to perform a check against Auth0 for the user’s session when using the Next.js SDK. The request will return a login_required error if the user no longer has a session with Auth0.
This uses the silent authentication behavior documented here.
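The check described above, sketched as an added example (not code from nextjs-auth0 or from the linked example): it builds the `prompt=none` authorization request and decides what to do with the application session (session B) from the callback. The function names, the tenant domain, client ID and URLs are assumptions; it also treats the other standard OIDC `prompt=none` errors (`consent_required`, `interaction_required`) the same way as `login_required`.

```javascript
// Added example: framework-neutral, not nextjs-auth0 code.
// Standard OIDC errors returned when prompt=none cannot complete without UI.
const NEEDS_INTERACTIVE_LOGIN = new Set([
  'login_required', 'consent_required', 'interaction_required',
]);

// Build the /authorize request that asks Auth0 whether session A still exists.
// prompt=none tells the authorization server to answer without showing a login page.
// state and nonce must be unpredictable values generated and stored by the caller.
function buildSilentAuthUrl({ domain, clientId, redirectUri, state, nonce }) {
  const url = new URL(`https://${domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: 'openid profile email',
    prompt: 'none',
    state,
    nonce,
  }).toString();
  return url.toString();
}

// Decide what to do with session B from the URL Auth0 redirected back to.
function interpretSilentAuthCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  // A response not bound to the request we sent must not change session state.
  if (params.get('state') !== expectedState) {
    return { action: 'ignore', reason: 'state_mismatch' };
  }
  const error = params.get('error');
  if (error) {
    // No usable Auth0 session: end the application session as well.
    if (NEEDS_INTERACTIVE_LOGIN.has(error)) {
      return { action: 'clear-session', reason: error };
    }
    return { action: 'error', reason: error };
  }
  const code = params.get('code');
  if (!code) return { action: 'error', reason: 'missing_code' };
  // Session A is still alive: exchange the code and refresh session B.
  return { action: 'refresh-session', code };
}
```

On `clear-session` the application destroys its own session cookie and sends the user to the interactive login; on `refresh-session` it completes the normal code exchange.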