Is there a way such that when a person creates a new session (in a traditional sense, i.e. closing and reopening their browser) that profile data such as their name, image etc. can be reloaded whilst retaining tokens? One way of this would be such that vital data (i.e. access token, refresh token, expiry time) is in the 30 day cookie and current profile data is in a session cookie.
Thanks.
That is a really great question.
There is some complexity here as if using a database, there is a User object but it can have many Accounts (e.g. Google, Twitter, etc) and use any of them to sign in as the same user if they are linked.
(This is undocumented but currently possible to do by signing in again if you are not signed in, but in future there will be link/unlink endpoints as in v1; it's possible by design just feature complete.)
We probably don't want to override data in the database though.
However, if not using a database, this is perhaps an easier proposition.
What I'm not sure of is how all OAuth providers behave in this regard - i.e. if all of them allow you to fetch the data for a user in a similar way. I think they behave differently and some only return this data on initial sign in by the user, and you'd need to actually force them to sign in again to get it.
We could research this and see how true that is in practice; maybe they are very consistent.
At the very least we could do some tutorials / examples / blog posts on how to do this.
Thanks. My use case is with Discord, and I love the way that this library handles the tokens so well. It's just that whilst not having to login for a month is brilliant, I'd rather people didn't have to logout/in for their random picture change to show up. This is the sort of call that shouldn't happen on every page but when an existing session is reinitialised would be very useful. Thanks for your quick reply!
@iaincollins Hey! I just ran into this problem where I want to pass in the user's oauth_token and oauth_token_secret (refresh token) to an external API for auth on the server-side. However, because the oauth_token expires after a while (even though the user is logged in on my Next.js app), it's causing some inconsistencies.
Is there any way I can refresh the user's session so that it just generates new access tokens? I am using JWT, so there is no database involved here.
Would appreciate any pointers here :)
@MehediH TL;DR not yet, but soon!
For now you could store the user's RefreshToken in their JWT and then create an endpoint which calls the API the provider exposes to get an AccessToken that is fresh as needed.
This is something we should be building in to NextAuth.js soon!
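One way to write the refresh step suggested above for an OAuth 2.0 provider, as an added example that is not part of the original thread and not NextAuth.js's own code. `tokenUrl`, `clientId`, `clientSecret`, the token field names and the error strings are assumptions, and the fetch function is injectable so the logic can be exercised offline.

```javascript
// Added example: refresh an OAuth 2.0 access token kept in a server-side JWT payload.
// cfg.tokenUrl, cfg.clientId and cfg.clientSecret are placeholders for provider values.
const SKEW_MS = 60 * 1000; // refresh one minute before the stated expiry

async function refreshIfNeeded(token, cfg, fetchImpl = globalThis.fetch, now = Date.now()) {
  // Still valid: no network call, so this is cheap to run on every session read.
  if (token.accessToken && now < token.accessTokenExpires - SKEW_MS) return token;
  if (!token.refreshToken) return { ...token, error: "NoRefreshToken" };

  try {
    const res = await fetchImpl(cfg.tokenUrl, {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams({
        grant_type: "refresh_token",
        refresh_token: token.refreshToken,
        client_id: cfg.clientId,
        client_secret: cfg.clientSecret,
      }).toString(),
    });
    const data = await res.json();
    if (!res.ok || !data.access_token) throw new Error(data.error || "refresh_failed");

    return {
      ...token,
      accessToken: data.access_token,
      accessTokenExpires: now + (Number(data.expires_in) || 0) * 1000,
      // Some providers rotate the refresh token; keep the old one if none is returned.
      refreshToken: data.refresh_token || token.refreshToken,
      error: undefined,
    };
  } catch (err) {
    // Drop the stale access token so callers cannot keep using it; the app
    // should treat this error as "ask the user to sign in again".
    return { ...token, accessToken: undefined, error: "RefreshAccessTokenError" };
  }
}

// Only non-secret fields should reach the browser; tokens stay server-side.
function toClientSession(token) {
  return { user: token.user, expires: token.accessTokenExpires, error: token.error };
}
```

The client secret and refresh token are only ever used on the server, so the JWT that carries them should be encrypted or held in an httpOnly cookie rather than exposed to page scripts.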
Sounds great, thanks for the v quick reply @iaincollins!
Hi there! It looks like this issue hasn't had any activity for a while. It will be closed if no further activity occurs. If you think your issue is still relevant, feel free to comment on it to keep it open. Thanks!
Hi there! It looks like this issue hasn't had any activity for a while. To keep things tidy, I am going to close this issue for now. If you think your issue is still relevant, just leave a comment and I will reopen it. (Read more at #912) Thanks!