Refresh token rotation

Open deelo55 opened this issue 8 months ago • 0 comments

What is the improvement or update you wish to see?

  1. The doc on refresh token rotation for JWT doesn't work with the client-side functionality, as it doesn't put an error into the session.
  2. If an error occurs, the session still remains authenticated albeit with an error message attached. This doesn't seem secure as a user can still see resources which require authentication. I believe the status should change to unauthenticated?

Is there any context that might help us understand?

N/A

Does the docs page already exist? Please link to it.

https://authjs.dev/guides/refresh-token-rotation

deelo55, Jun 09 '24 17:06
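
The two points raised in the issue above, sketched as an added example that is not part of the issue or of the Auth.js docs: a failed refresh is recorded on the token, copied into the session, and the session is then treated as unauthenticated. The types are simplified stand-ins rather than imports from next-auth, and the function names and the `RefreshAccessTokenError` string are assumptions.

```typescript
// Simplified stand-ins for the JWT and session objects (hypothetical shapes).
type JwtToken = { accessToken: string; refreshToken: string; expiresAt: number; error?: string };
type AppSession = { user: { name: string }; expires: string; error?: string };
type AuthStatus = "authenticated" | "unauthenticated";

// Result of calling the provider's token endpoint; the network call itself is out of scope.
type RefreshOutcome =
  | { ok: true; accessToken: string; refreshToken: string; expiresIn: number }
  | { ok: false };

const REFRESH_ERROR = "RefreshAccessTokenError"; // assumed error marker

// jwt-callback-shaped step: rotate on success, flag the token on failure.
function applyRefresh(token: JwtToken, outcome: RefreshOutcome, now: number): JwtToken {
  if (outcome.ok) {
    return {
      accessToken: outcome.accessToken,
      refreshToken: outcome.refreshToken, // rotated: the old refresh token is discarded
      expiresAt: now + outcome.expiresIn,
    };
  }
  return { ...token, error: REFRESH_ERROR };
}

// session-callback-shaped step: surface the token error to the client (point 1).
function sessionCallback(session: AppSession, token: JwtToken): AppSession {
  return token.error ? { ...session, error: token.error } : session;
}

// Fail closed: a session carrying an error is not authenticated (point 2).
function effectiveStatus(session: AppSession | null): AuthStatus {
  return session !== null && session.error === undefined ? "authenticated" : "unauthenticated";
}

// Constructed sample data: one successful rotation and one failed refresh.
function demo(): AuthStatus[] {
  const token: JwtToken = { accessToken: "a1", refreshToken: "r1", expiresAt: 1000 };
  const session: AppSession = { user: { name: "constructed-user" }, expires: "2099-01-01T00:00:00.000Z" };
  const rotated = applyRefresh(token, { ok: true, accessToken: "a2", refreshToken: "r2", expiresIn: 3600 }, 2000);
  const failed = applyRefresh(token, { ok: false }, 2000);
  return [rotated, failed].map((t) => effectiveStatus(sessionCallback(session, t)));
}
```

Server-side route guards would need to apply the same `effectiveStatus` check, since a client-side status alone does not restrict access to protected resources.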