next-auth icon indicating copy to clipboard operation
next-auth copied to clipboard
verified publisher icon nextauthjs

Recommend using an adapter in token rotation tutorial

Open balazsorban44 opened this issue 4 years ago • 3 comments

Currently, we don't have a token rotation mechanism built-in, so we have the following tutorial users can look at:

https://next-auth.js.org/tutorials/refresh-token-rotation

Storing refresh_token in a cookie is not a good idea.

We should refactor the tutorial to use an adapter instead.

At the very least we should mention that if someone absolutely decides to use a JWT, encryption is a must!

balazsorban44 avatar Sep 20 '21 08:09 balazsorban44

Update, v4 will have JWT encryption by default.

balazsorban44 avatar Nov 12 '21 15:11 balazsorban44

nextauthjs/next-auth has been migrated to a monorepository. The docs code can now be found here under packages/docs. Thanks for your interest in the project!

ndom91 avatar Feb 04 '22 20:02 ndom91

Has anyone implemented this while using a database strategy instead of the JWT strategy?

amosbastian avatar Aug 23 '22 19:08 amosbastian

Closed in https://github.com/nextauthjs/next-auth/commit/e8fbe5899742d253b032852c455e6f21f62da7d8

balazsorban44 avatar Jan 03 '23 11:01 balazsorban44