Problem statement
We’re utilizing the Nextjs-auth0 SDK wit the Next-URQL client within our production Next.js app. The initial sign in works smoothly but we’re running into issues with configuring token refresh. We’ve been unable to find docs on how mergeExchanges in URQL and client/server (middleware) token refreshes within NextJS should be configured.
Solution
The backend side Next.js implementation use methods such as getAccessToken(). This won’t work as the ‘/authorize’ request is designed for use in an IFRAME for Silent Authentication, or a POST to the ‘/oauth/token’ endpoint if a Refresh Token is present. This is not possible in a backend application.
To use Refresh Tokens in our Next.js SDK, you will need to do the following:
- Include the
offline_accessscope in your configuration (orAUTH0_SCOPE) - Check “Allow Offline Access” in your API Settings
- Make sure the “Refresh Token” grant is enabled in your Application Settings (this is the default)