Refresh Token Rotation With Next-Auth V5 || Managing Tokens With A Custom Backend


We will continue to build the project we started at the beginning of the Next-Auth V5 series and incorporate token management and rotation into it.

Let's GO 🚀

Timecodes
0:00 - We Will Learn These
01:13 - Token, Access Token, Refresh Token
05:49 - The App
08:52 - Understanding Token Management
13:41 - APIs on Postman
16:39 - Login API call from authorized
22:07 - Next-Auth Callbacks: jwt and session
24:47 - Token Rotation Flow
26:18 - Access Token Expires and UI
36:57 - Refresh Token Rotation and UI
47:34 - What's Next?

## About Me:
Tapas Adhikary is an Educator at tapaScript, Tech enthusiast, Writer, YouTuber, and Open Source projects maintainer/contributor. He is a full-stack developer with vast experience in building SaaS solutions. He is the founder of the ReactPlay platform, which is driven by open-source projects and a fast-growing community.

Comments

Thanks sir, learned a lot. Can you make one more video related to cookie-based auth (accessToken and refreshToken are in cookie)?

kunalrathor

Thanks, I asked about this at the beginning of the series.

imkirn

Should I type if/else/catch after every request to check whether my token has expired? I think this is a bad idea. What do you suggest instead of this?

soulfly

Thanks. What if the user logs in using a provider? Are the tokens and refresh tokens the same thing, or what?

Please make deployment with Docker.

alexdin

Thank you for the amazing video. What is the extension for the console.log preview?

karemelshendy-

Best video brother, you just saved me

sameedahri

This is a really great video. Thanks for this. I want to ask: can this refresh token rotation be done using cookies instead of sending the access and refresh tokens in the response from the backend?

milesrykerodazie

Was waiting for callbacks handling jwt and session. Thanks for the in-depth explanation. Any particular reason for not including the login and refresh endpoints in the source code?

ItsKrishnaPanthi

Hi Tapas da. How can I update the session according to the API response value in lib/fetch-client.js? Is there any way to do it?

imrancse

Extremely informative. But I don't think this is the better way of doing this. What I do most of the time is store the refresh token in the DB, and only share the access token with the client in secure cookies. So I don't have to send it again and again every time; by default the cookies will be sent on every request. If it has expired, then I get a 401 and, based on that, make a request to the backend again for token rotation. Don't you think this is a better way of doing this?

Rajesh-rgfw

Great tutorial on implementing Auth.js beta 5 with Next.js! I have a few questions about some aspects of the implementation:

- Refresh Token Handling: In the refreshAccessToken function, an error is returned when the refresh fails, but it's not clear how this error is handled downstream. How would you recommend dealing with invalid refresh tokens in the jwt callback or elsewhere in the auth flow? I have a Python backend handling the token and other routes, and I am not sure how to correctly handle that.

- Potential Redirect Loop: In the user page, there's a check for a 403 status that redirects to the login page. However, if Auth.js still considers the token valid, couldn't this create a redirect loop? How would you suggest preventing this, maybe by clearing the session before redirecting?

Thank you!

Etymologicult

I was working at a company (building an e-commerce site) and faced this custom backend token rotation issue with nextAuth v5. I had to go through a 'bangla' system to manage the issue, and for a more secure API, I had to use the native Next.js API as well as server actions.

Eagerly waiting for this! Maybe there is no other solution on YouTube in this regard!

Thanks

abdurrahman