[SDK-2330] New tokens should be applied to existing session

[adamjmcgrath]

Description

handleProfile will use the a stale session if getAccessToken updates the session.

On the whole a user should be able to continue to use a refrence to the session after getAccessToken is called, without having to call getSession again.

const session = getSession(req, res);
const { accessToken } = await getAccessToken(req, res);

// If AT was updated, session.accessToken should be updated too
session.accessToken === accessToken;

References

See #294 (comment)

Testing

Given I have Refresh Token Rotation enabled
And I have an expired Access Token
When I visit handleProfile with refetch true
Then I should get an updated profile
And I should get an updated Access Token and Refresh Token

• This change adds test coverage for new/changed/fixed functionality

Checklist

• I have added documentation for new/changed functionality in this PR or in auth0.com/docs
• All active GitHub checks for tests, formatting, and security are passing
• The correct base branch is being used, if not main

[vercel]

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/auth0/nextjs-auth0/piwv2iyzx
✅ Preview: Canceled

[Deployment for 48e9a7e canceled]

[Widcket]

Does this get saved in the session cache?

[adamjmcgrath]

Yep - the session is mutable and whatever is in it at the end of the request chain will get persisted

[adamjmcgrath]

The second request to /api/session in the test should also verify this https://github.com/auth0/nextjs-auth0/pull/307/files#diff-43549841cd306e45cf537adad769f7fc683abaf46a9eab1146d958238493af2aR112-R113

[Widcket]

Looks good, just have a question.