"expires" attribute in session changes #1073
-
Hi! I am using next-auth w/ the Spotify provider, however, for some reason, the Is there something I am doing wrong? Here is my next-auth config: const options = {
providers: [
Providers.Spotify({
clientId: process.env.SPOTIFY_ID,
clientSecret: process.env.SPOTIFY_SECRET,
scope: [
'streaming',
'user-read-email',
'user-read-private',
'user-library-read',
'user-library-modify',
'user-read-playback-state',
'user-modify-playback-state',
]
}),
],
jwt: true,
callbacks: {
session: async (session, user) => {
if(session && user){
session.user = user;
}
return Promise.resolve(session);
},
jwt: async (token, user, account, profile, isNewUser) => {
if(account){
token.accessToken = account.accessToken;
token.refreshToken = account.refreshToken;
token.profile = profile;
}
return Promise.resolve(token);
},
},
}; Would appreciate any pointers! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
Hi there! The expires property of session means when the next-auth session expires, not the Spotify access token's expiry date. When you read the session, the expiry date will be refreshed automatically, to keep the session active. I ncase the session is not invoked, it will expire (by default, after 30 days) you can override this with the maxAge property of the session option https://next-auth.js.org/configuration/options#session Keep in mind that right now, refresh tokens are not utilized to keep access tokens valid, it can be implemented in user land. You can get the idea from here: #871 (comment) |
Beta Was this translation helpful? Give feedback.
Hi there! The expires property of session means when the next-auth session expires, not the Spotify access token's expiry date. When you read the session, the expiry date will be refreshed automatically, to keep the session active. I ncase the session is not invoked, it will expire (by default, after 30 days) you can override this with the maxAge property of the session option
https://next-auth.js.org/configuration/options#session
Keep in mind that right now, refresh tokens are not utilized to keep access tokens valid, it can be implemented in user land.
You can get the idea from here: #871 (comment)