Thanks a lot ❤️

Thank you 🤩

@@imkir4n I know 😀. Glad to help now.

@@tapasadhikary yeah. A suggestion maybe you can add 'with a custom backend on title' there is no content out there with a separate backend.

@@imkir4n Great suggestion.. updated.

Glad it was helpful ❤️

❤️❤️

Sure, thanks a lot.

Yes very much but remember Next.js does not allow modifying the cookies from the client for the security reason... so even if you have to handle it through cookies, it has be on the server side only.

@@tapasadhikary thank you so much this helped.

Thanks 🔥

Thanks man, thanks a lot. Glad to know.

@@tapasadhikary can you please share the font name used in VSCODE

I have one issue also, my refresh token work well in first time but not work in second time, because JWT still saved the old token :/ can you please help. I am using same versions as you used in tutorial

​@@sameedahri3939 That's weired. JWT will not save the old access token... asin it will not save but it will use. You need to programmatically refresh it only when it expires. It could be with the logic in the code...As you have seen in the video tutorial, the jwt callback always check for the expiry and everytime it expires, we were forcefully refreshing. So I would suggest you to check in two places: - The expiry of the access token. - The logic to check the expiry and refreshing the token. All the best!

@@tapasadhikary Thanks for your reply, I still having the same issue, because token is not updated after refresh call, because Next JS doesn't allow to modify cookie while it is rendering. I am curious how your code is working :D

Thank you! No reason other than making it available as part of the MERN videos to create a Node Express based auth endpoint... Will make the code available also along with it.

We should have the logic written for it. It will not be automatic here.

Did you find a way around this, as I've been struggling with this, since my approach is, refresh tokens should be invalidated/blacklisted upon re-freshing, so in case of race conditions, This causes mayhem

It is similar in that case too.. in fact auth.js doc has a example with Google Provider you can check out. I have done a deployment of it on vercel front end and render the API portion.. Haven't tried the docker yet.. will surely make when I give a hand on it.

@@TechWarriorzOfficial you are most welcome

Thank you! The extention name is console ninja

Most welcome

No you do not need to... check other way instead.. check if the token is still alive then continue to use it... if not, return the refreshed token. That way code will be lesser. Also, you do not want to throw an exception is token expired as we are rotating it instead. I hope it makes sense.

For that only we have the session callback, vai. Whatever you need to add to the session or update, do it in the session callback. Session callback has got all the information from the jwt callback for you to update. Also remember, session is just an object, you can even add your own data to it.

Thanks! I just deployed the entire solution on Vercel, Render, and MongoDB Atlas.. it works like a charm.

Lws, Operator Mono

The session callback gets the session object along with the user and token information. So we can set the information on the session object and return. It helps you to pass the data to the browser and make it available there on the client.

Use the auth() function to get the session object const session = await auth()

Thank you for watching my videos and your interest in learning from them. Some of your suggestions are great, I will bring them in my future videos wherever they are relevant. Keep learning.

I have the same problem. Did you find how to solve?

@@DaviReisVieira not yet. clueless right now.

Yes, good point. I think it will be persist the refreshtoken in a store or something like that like an array of tokens for user and issue that? Do you suggest any other solution for that?

@@tapasadhikary Didn't get that how the `refreshAccessToken` will get executed on every request. The code already has the expiry check and if the token is not expired then it should not call `refreshAccessToken`, isn't it?

@@jubayer-ahmed46 wow, yeah ❤️, thanks 🙏

There seems to be an open issue already with auth.js about the rotation, hoping it gets resolved github.com/nextauthjs/next-auth/issues/7558

In Bangla channel :-)

Thank you for your comments. Glad you liked it. Here is how I am thinking of the scenarios: - The best way to handle the error from auth,js(this is what I found so far) is by throwing the custom exceptions from the error prone places. Now in most cases the invocation point of the calls would be either from a Server component, Client Component, or Server Actions. We can catch and treat the errors these ways: a) Server Component: in error.js by checking for the exception type b) Client Component: Some kind of toast message by checking the exception type c) Server Action: Rethrow it from a try-catch and catch it again in either of the above a or b cases. Let me know if you want to add anything to this approach. Would love to discuss and learn. - Cleaning the session before redirecting seem to be a good solution. Thanks!

@@tapasadhikary Thank you for your response! I will try different options to see which one could be the best

So here is what I am doing currently (not sure I am 100% happy with it) Refresh Token Handling: In the jwt callback, I attempt to refresh the token when it expires. If refresh fails, I an error flag: {...token, error: "RefreshAccessTokenError"}. This error is then passed to the session in the session callback. Error Handling in Auth Flow: I am using authorized callback checks for the RefreshAccessTokenError (I am doing every logic here not in the middleware file itself) If detected, it redirects to the login page with an error parameter. This approach allows the login page to display an appropriate error message and to sign out the user. Preventing Redirect Loops: The authorized callback includes checks for different route types (API, public, auth). For auth routes, even with a RefreshAccessTokenError, it returns true, preventing loops. For other routes, it redirects to login with the error parameter. This works perfectly, there's one scenario that needs attention: If a user with an errored session navigates directly to `/login` (without query parameters), they can access the login page without seeing the appropriate error message. I didn't find an appropriate answer for that with the current logic

How is it done??

@@OnlyJavascript as far as i know there is no official way of doing credential login with authJs and third party server ....i have searched and tried but didn't found the way yet.

I do like to know your approach. If you are having a dedicated authentication api server and use it in react/next like old fashion. How can we able to do with next auth.

@@rahulk143 i am also trying to find the same solution but seems like next auth only works for full stack nextjs projects.and not with dedicated auth server