I’m using JWTs with a backing database (DynamoDB) and my serverless backend makes changes to the user records directly. In that scenario, I’d like to call GET /api/auth/session with a query parameter (/api/auth/session?latest=true?) and have the JWT callback receive the latest user record from the adapter.
How to reproduce ☕️
NA
Contributing 🙌🏽
Yes, I am willing to help implement this feature in a PR
Haven't had the time to think about it before yet 🙏.
What I would do is in the jwt callback, simply set a "lifetime" for the validity, and after that, just go and fetch the new user data. Very similar to refresh token rotation: https://next-auth.js.org/tutorials/refresh-token-rotation
Just check when the request is going to /api/auth/session and has the ?latest query parameter, and make the call in the jwt callback then.
You might still want to rate-limit how often you want the user to be able to get the data maybe, not sure. Maybe it doesn't have a benefit, just thinking out loud.
I currently consider this an edge case, as OAuth refresh token rotation will cover most users' cases, which we would like to support built-in.
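The approach suggested in the comment above (a lifetime on the user data embedded in the JWT, plus a rate-limited `?latest` override), as an added example that is not part of this thread or of NextAuth's own code. It assumes the v4 callback shape `jwt({ token, user })`; `makeJwtCallback`, `getUser`, `maxAgeMs`, `minForcedGapMs` and `wantsLatest` are hypothetical names, and the in-memory store is constructed sample data.

```javascript
// Added example, not NextAuth source. Assumes the v4 callback shape jwt({ token, user }).
// getUser, maxAgeMs, minForcedGapMs and wantsLatest are hypothetical names.
function makeJwtCallback({ getUser, maxAgeMs, minForcedGapMs, wantsLatest = () => false, now = Date.now }) {
  return async function jwt({ token, user }) {
    const t = now();
    // Sign-in: `user` is only present on this first call, so stamp the embedded copy.
    if (user) return { ...token, sub: user.id, user, userFetchedAt: t };

    const age = t - (token.userFetchedAt ?? 0);
    const expired = age >= maxAgeMs;
    // ?latest is honoured only when the last fetch is old enough, so a client
    // cannot turn every session poll into a database read.
    const forced = wantsLatest() && age >= minForcedGapMs;
    if (!expired && !forced) return token;

    const fresh = await getUser(token.sub);
    // A deleted record clears the embedded user instead of keeping stale claims.
    return { ...token, user: fresh ?? null, userFetchedAt: t };
  };
}

// Constructed demo: an in-memory Map stands in for the DynamoDB-backed adapter.
async function demo() {
  const db = new Map([["u1", { id: "u1", role: "admin" }]]);
  let clock = 0, latest = false, reads = 0;
  const jwt = makeJwtCallback({
    getUser: async (id) => { reads++; return db.get(id); },
    maxAgeMs: 60_000, minForcedGapMs: 5_000,
    wantsLatest: () => latest, now: () => clock,
  });
  const seen = [];
  let token = await jwt({ token: {}, user: db.get("u1") });
  db.set("u1", { id: "u1", role: "viewer" }); // backend changes the record directly
  clock = 1_000; token = await jwt({ token }); seen.push(token.user.role); // still cached
  latest = true; token = await jwt({ token }); seen.push(token.user.role); // forced too soon
  clock = 6_000; token = await jwt({ token }); seen.push(token.user.role); // forced refresh
  latest = false; db.delete("u1");
  clock = 70_000; token = await jwt({ token }); seen.push(token.user);     // lifetime expired
  return { seen, reads };
}
```

Until the lifetime elapses or a forced refresh is accepted, the token keeps serving the old record, so `maxAgeMs` bounds how long a changed or removed user stays visible in the session.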