User info not refreshed on getSession from nextjs sdk

adriano · April 25, 2024, 1:45pm

I’m using auth0 universal login with nextjs-auth0 SDK to manage authentication in my app.

If a User object has its information updated whilst the user is already logged in, that information will remain stale and the getSession method from the SDK will not update it.
To fix this, I call the ‘/userinfo’ endpoint as an workaround to get the user refreshed data, but sometimes I’m getting rate-limited. ( I do this in the middleware of my app - code below )

I’ve deployed my app on CF pages, and there’s some issues while using that and fetch API cache for data management, so I have implemented caching with an timeout of 30 seconds as can be seen here:

Is there another way to work around this to refresh the user data?

stefan6 · April 29, 2024, 10:43am

I am also running into this issue, any ideas?

leomc · April 30, 2024, 2:40pm

This also happened with me, I’m now using your workaround but I get rate limited still

devbydixon · August 24, 2024, 10:34pm

The following approach has worked for me. This is NextJS middleware for app routes :
@leomc @stefan6 @adriano

// middleware.js
import { withMiddlewareAuthRequired, getSession, handleProfile } from '@auth0/nextjs-auth0/edge';
import { NextResponse } from "next/server";

export default withMiddlewareAuthRequired(async function middleware(req) {
    const res = NextResponse.next();

    try {

        // This fixed it
        // @ts-ignore 
        await handleProfile(req, res, {
            refetch: true,
        })

        const session = await getSession(req, res);

        console.log('Email verified status:', session?.user.email_verified);


        if (!session) {
            console.log('No session found');
            return NextResponse.redirect(new URL('/', req.url));
        }

        if (!session.user.email_verified) {
            console.log('Email not verified');
            return NextResponse.redirect(new URL('/verify-email', req.url));
        }

        return res;
    } catch (error) {
        console.error('Error in middleware:', error);
        return NextResponse.redirect(new URL('/error', req.url));
    }
});

// Matcher config remains the same

// Specify the paths where this middleware should apply
...

tyf · August 26, 2024, 3:14pm

Thanks for sharing @devbydixon !

system · September 9, 2024, 3:15pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Update user after calling updateSession in Next.js Help sessions , authentication-sessions	2	2730	December 23, 2022
Next.js Refrest Token Help sessions , reusable-refresh-tokens	0	1398	July 13, 2023
How do we ensure a session is still valid on refresh with NextJS app folder? Help logout , sessions	4	2956	September 26, 2024
Updating user session in Next.js without middleware Help sessions , authentication-sessions	0	1297	February 9, 2024
Nextjs-auth0 question RE "/api/auth/me" Help	1	3389	January 12, 2022

User info not refreshed on getSession from nextjs sdk

Related topics