Need to add custom endpoints for /me and /refresh-token ? #12

Answered by CrawlerCode
tago-SE asked this question in Q&A

Hey,

I am wondering if you need to implement custom endpoints for /me, /refresh-token and so on, to account for the fact that the 'exp' claim is stored in the account?

Basically, while trying to implement authjs I ran into an issue: Payload's useAuth is based on the result from those endpoints, but AuthJS is using the auth() wrapper, so there is a mismatch between certain visual changes in the GUI.

And for the plugin to be useful I think some consideration or guidance on how to combine or work with payload auth context would be good.

I also decided to add 'linkAccount' to my user field, holding whenever exp updates and the account that was used during sign-in, so that in case there are multiple accounts I would know which one to use.

```ts
function getCurrentLoginDetails(
  account: AdapterAccount,
  payloadUser: User
): Pick<User, "linkAccount">["linkAccount"] {
  const exp =
    account.expires_at !== undefined
      ? account.expires_at
      : payloadUser.linkAccount?.exp;
  // Currently we only update the linkAccount when id_token is passed, i.e. on sign-in.
  // This may change but I'm assuming that when someone swaps an account it is present.
  if (!!account.id_token) {
    return {
      exp,
      provider: account.provider,
      providerAccountId: account.providerAccountId,
    };
  }
  if (payloadUser.linkAccount?.provider) {
    return {
      ...payloadUser.linkAccount,
      exp,
    };
  }
  return {
    exp,
    provider: account.provider,
    providerAccountId: account.providerAccountId,
  };
}

// linkAccount
const updateData = {
  linkAccount: getCurrentLoginDetails(account, payloadUser),
  accounts: accounts,
} as Pick<User, "accounts" | "linkAccount">;
const updatedUser = await payload.update({
  collection: COLLECTION_SLUG_USERS,
  id: account.userId,
  data: updateData,
});
return toAdapterAccount(updatedUser, account);
```

Thanks for your contribution.

I already implemented a custom /me endpoint, but it was only registering when you were using a virtual field, and there was another error with the exp value. Now both should be fixed.

Yes, you are right, I need to register a custom /refresh-token endpoint to refresh the Auth.js session. It is also included in the new version v0.7.1.

The useAuth hook from payload can be used in the admin panel as mentioned in the payload documentation. With a few tweaks you can also use it in your own application, but I would not recommend this. If you have a specific problem with this, please open an issue and provide more information.

And finally, I now offer a usePayloadSession hook to get the current payload session on the client side. I have also added some more documentation.

Answer selected by tago-SE

Would just like to state that if you do end up adding a refresh-endpoint you would probably need to provide a callback option in the config so that users can provide the refresh function.

```ts
type RefreshTokenClaims = {
  access_token: string;
  refresh_token: string;
  scope: string;
  token_type: "bearer" | "dpop" | string;
  expires_in: number;
  expires_at: number;
};
type FetchTokenResult = {
  token: RefreshTokenClaims | undefined;
  success: boolean;
  error?: unknown;
};
// Needs to be provided in the config
type RefreshTokenFn = (
  refresh_token: string
) => Promise<FetchTokenResult>;
```

Then in the custom refresh-endpoint you would update the account on success.


Do you mean refresh-token rotation?

You could just implement it in your authjs jwt callback. Follow the Auth.js Guide for Refresh Token Rotation.
The callback is invoked from the /refresh-token endpoint.
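
An added example, not part of the thread and not the plugin's or Auth.js's own code: one way a configured refresh callback could be folded into the stored account, with rotation and a fail-closed error path. The type names follow the thread (with `RefreshTokenClaims` narrowed and `refresh_token` made optional); `StoredAccount`, `needsRefresh`, `mergeRefresh`, `refreshIfNeeded` and the `"RefreshTokenError"` marker are assumptions made for illustration.

```typescript
// Added example. StoredAccount and the helper functions are hypothetical,
// not part of the plugin or Auth.js; the error marker value is constructed.
type RefreshTokenClaims = {
  access_token: string;
  refresh_token?: string; // some providers omit it when they do not rotate
  expires_in: number; // lifetime in seconds
};
type FetchTokenResult = { token: RefreshTokenClaims | undefined; success: boolean; error?: unknown };
type RefreshTokenFn = (refresh_token: string) => Promise<FetchTokenResult>;

type StoredAccount = {
  access_token: string;
  refresh_token: string;
  expires_at: number; // Unix seconds
  error?: "RefreshTokenError";
};

// Refresh slightly before expiry so a request in flight does not carry a dead token.
function needsRefresh(account: StoredAccount, nowSec: number, skewSec = 30): boolean {
  return nowSec >= account.expires_at - skewSec;
}

// Fold the provider response into the stored account without mutating it.
function mergeRefresh(account: StoredAccount, result: FetchTokenResult, nowSec: number): StoredAccount {
  const t = result.token;
  if (!result.success || !t || !t.access_token || !(t.expires_in > 0)) {
    // Fail closed: keep the old values and flag the session so the UI can force sign-in.
    return { ...account, error: "RefreshTokenError" };
  }
  return {
    access_token: t.access_token,
    // Rotation: a returned refresh token replaces the old one, which is now invalid.
    refresh_token: t.refresh_token ?? account.refresh_token,
    expires_at: nowSec + t.expires_in,
  };
}

// What a /refresh-token handler or jwt callback would call; refreshFn comes from config.
async function refreshIfNeeded(
  account: StoredAccount,
  refreshFn: RefreshTokenFn,
  nowSec = Math.floor(Date.now() / 1000),
): Promise<StoredAccount> {
  if (!needsRefresh(account, nowSec)) return account;
  try {
    return mergeRefresh(account, await refreshFn(account.refresh_token), nowSec);
  } catch (error) {
    return mergeRefresh(account, { token: undefined, success: false, error }, nowSec);
  }
}
```

Persisting the rotated `refresh_token` in the same update as the new `access_token` matters: if only the access token is saved, the next refresh presents a token the provider has already invalidated.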
