next-auth icon indicating copy to clipboard operation
next-auth copied to clipboard

Published 20 hours ago โ€ข verified publisher icon nextauthjs

Implement updateSession & isUpdate parameter

Open christoph-pflueger opened this issue 2 years ago โ€ข 7 comments

โ˜•๏ธ Reasoning

What changes are being made? What feature/bug is being fixed here?

Implements updateSession to be able to update the SessionProvider's state without having to reload the page. The update event is propagated to the jwt and session callbacks via an isUpdate parameter. This helps to avoid having to check if the token and session is up to date on every request.

As there are currently no tests implemented for callbacks, I skipped that step.

๐Ÿงข Checklist

  • [x] Documentation
  • [ ] Tests
  • [ ] Ready to be merged

๐ŸŽซ Affected issues

Please scout and link issues that might be solved by this PR.

Fixes: #596 Fixes: #3941 Fixes: #2208 Might fix: #2129

๐Ÿ“Œ Resources

christoph-pflueger avatar Jun 21 '22 17:06 christoph-pflueger

The latest updates on your projects. Learn more about Vercel for Git โ†—๏ธŽ

Name Status Preview Updated
next-auth โœ… Ready (Inspect) Visit Preview Jun 21, 2022 at 5:05PM (UTC)

vercel[bot] avatar Jun 21 '22 17:06 vercel[bot]

Any ETA for the release of this?

DitlevHB avatar Jul 28 '22 15:07 DitlevHB

Can I gently nudge this pull request? I hope if gets merged already as this is also a blocker in our application - I think this should be considered critical

qiqo avatar Aug 25 '22 17:08 qiqo

Can I gently nudge this pull request? I hope if gets merged already as this is also a blocker in our application - I think this should be considered critical

The fact that this pull request hasn't received as much as a reply for almost three months even though there appears to be genuine interest is mind-blowing to me. It's not like other pull requests are not being worked on either.

christoph-pflueger avatar Aug 25 '22 17:08 christoph-pflueger

@balazsorban44 Could you help review this PR? It seems like a common feature should be built into next-auth. Thank you for your time.

devrsi0n avatar Aug 27 '22 09:08 devrsi0n

@balazsorban44 hoping for your time and consideration on this fixes. Thanks

qiqo avatar Aug 27 '22 11:08 qiqo

Thanks for the PR @git-chrisp and sorry for the delayed response, I reviewed your PR It seems like the added method updateSession is exactly the same as getSession, the only difference is in the callback session and jwt Could you give an example case where the extra isUpdate param is helpful? ๐Ÿค”

The implemented updateSession doesn't call getSession. It calls the __NEXTAUTH._getSession which is encapsulated inside the SessionProvider and cannot be accessed at the moment.

Assume someone changes something in his profile settings that is stored in e.g. the token's custom claims. There is no way to update this change in the SessionProvider at the moment without reloading the entire page.

The isUpdate parameter helps in the backend to differentiate between normal getSession, _getSession and updateSession calls.

christoph-pflueger avatar Sep 02 '22 07:09 christoph-pflueger

Is there any deadline to fix this problem? For now the only way to fix this issue is reloading page and this way clean the state or the action user wants to do Thank you.

shahryarjb avatar Sep 25 '22 22:09 shahryarjb

Is any update on this pr soon, we are having the same problem authenticating with a custom PKCE provider, and when refreshing the token and have the new token back. the client keeps calling JWT with the old invalid token. and we use one-time refresh tokens so, it's pretty impossible to get around this setup without any compromise with the rules we already have.

mohamedGamalAbuGalala avatar Oct 25 '22 21:10 mohamedGamalAbuGalala

May I kindly ask for an update? I had this PR bookmarked months ago, and it's a little disheartening to see that there hasn't been any progress... It's a blocker for our application, and there seems to be a lot of interest from other people as well.

rustunooldu avatar Nov 09 '22 03:11 rustunooldu

I'm sorry if I'm mistaken but is this related to this workaround? https://stackoverflow.com/a/70405437/9123724

raulmarindev avatar Nov 09 '22 10:11 raulmarindev

Currently using window.location.reload()/window.location.pathname since I cannot await session update after updating a users profile. The changes here would likely solve that.

lemcii avatar Nov 09 '22 11:11 lemcii

I'm sorry if I'm mistaken but this related to this workaround? https://stackoverflow.com/a/70405437/9123724

This only works if refetchOnWindowFocus is enabled. And even then the solution only works if the current visibilityState of the document is visible (https://developer.mozilla.org/en-US/docs/Web/API/Document/visibilityState).

christoph-pflueger avatar Nov 09 '22 11:11 christoph-pflueger

window.location.reload()

It is not good, I need to update my auth 2 tokens {refresh token, access token} every 1 hour, but for now I am forced to reload my site: it is my next auth API, and it is my client:

https://github.com/mishka-group/mishka-cms-front/blob/master/apps/mishka_user/helper/authHelper.ts#L121-L123

But how update it without refresh

shahryarjb avatar Nov 09 '22 11:11 shahryarjb

Happy to send reviewers a case of beer to get this PR approved (and pulled). As others have noted, this is basic/needed functionality. Thanks!

rolanday avatar Dec 22 '22 09:12 rolanday

I'd pitch in for a second case - this would be super beneficial!

kblizeck avatar Jan 13 '23 03:01 kblizeck

Closing in favor of #7056

balazsorban44 avatar Mar 25 '23 14:03 balazsorban44