我正在使用 Next.js 的 next-auth 创建 CredentialsProvider,并尝试将其连接到 Django 后端。除了刷新令牌策略之外,一切正常:获取新的访问令牌后,访问令牌和过期时间没有被保存。因此,next-auth 在每个请求时都会发送刷新令牌。我不知道为什么,但在“首次创建令牌”之后我无法更新令牌数据。
这是代码:
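/**
 * Exchange the stored refresh token for a new access token.
 *
 * Posts `token.refreshToken` to `/token/refresh/`. On a 200 response that
 * carries `data.access`, returns a copy of `token` with the new access token
 * and a fresh expiry. On any other outcome, returns a copy of `token` with
 * `error` set to 'RefreshAccessTokenError'. Never throws on a failed request.
 *
 * @param {object} token - JWT payload; must carry `refreshToken`.
 * @returns {Promise<object>} The updated token, or the old one flagged with `error`.
 */
async function refreshAccessToken(token) {
  // Debug trace left in by the author to see how often a refresh is triggered.
  console.log('UPDATE')
  const refresh = await axios
    .post('/token/refresh/', {
      refresh: token.refreshToken
    })
    .catch((error) => {
      // Log only the status or message. The full axios error embeds the
      // request config, whose body holds the refresh token, and that must not
      // end up in server logs.
      console.error(
        'token refresh failed:',
        error && error.response ? error.response.status : error && error.message
      )
    })
  if (refresh && refresh.status === 200 && refresh.data.access) {
    return {
      ...token,
      accessToken: refresh.data.access,
      // NOTE(review): a 10-second lifetime looks like a test value; it should
      // track the backend's access-token lifetime. Confirm.
      expiresAt: Date.now() + 10 * 1000,
      // Clear an error carried over from an earlier failed refresh, so a
      // recovered token is not still reported as broken.
      error: undefined
    }
  }
  return {
    ...token,
    error: 'RefreshAccessTokenError'
  }
}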
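// NextAuth configuration: one credentials provider backed by the Django
// `/token/` and `/v1/profile/` endpoints, plus jwt/session callbacks that
// carry the backend tokens and refresh the access token once it has expired.
export default NextAuth({
  providers: [
    CredentialsProvider({
      id: 'credentials',
      name: 'my-project',
      /**
       * Verify the submitted username/password against the backend.
       *
       * @param {object} credentials - Submitted form fields (`username`, `password`).
       * @returns {Promise<object|null>} Profile data plus `tokens` on success,
       *   `null` when the login or the profile lookup fails.
       */
      async authorize(credentials) {
        if (!credentials) {
          return null
        }
        const auth = await axios
          .post('/token/', {
            username: credentials.username,
            password: credentials.password
          })
          .catch((error) => {
            // Log only the status or message: the full axios error embeds the
            // request body, which here is the plaintext password.
            console.error(
              'token request failed:',
              error && error.response ? error.response.status : error && error.message
            )
          })
        // `auth` is undefined when the request was rejected (for example on
        // bad credentials). Guard before reading `.status`, so a failed login
        // returns null instead of throwing.
        if (auth && auth.status === 200 && auth.data.access) {
          const profile = await axios
            .get('/v1/profile/', {
              headers: {
                Authorization: `Bearer ${auth.data.access}`
              }
            })
            .catch((error) => {
              // The full error would include the Authorization header.
              console.error(
                'profile request failed:',
                error && error.response ? error.response.status : error && error.message
              )
            })
          if (profile && profile.status === 200 && profile.data) {
            return {
              ...profile.data,
              tokens: auth.data
            }
          }
        }
        return null
      }
    })
  ],
  pages: {
    signIn: '/login'
  },
  callbacks: {
    // Builds the JWT payload on sign-in, returns it unchanged while the access
    // token is still valid, and otherwise asks the backend for a new one.
    jwt: async ({ token, user, account }) => {
      if (account && user) {
        // Split the backend tokens off the profile. `user` is later copied
        // into the session, and leaving `tokens` on it would hand the refresh
        // token to the browser.
        const { tokens, ...profile } = user
        return {
          accessToken: tokens.access,
          refreshToken: tokens.refresh,
          // NOTE(review): a 10-second lifetime looks like a test value; confirm
          // it against the backend's access-token lifetime.
          expiresAt: Date.now() + 10 * 1000,
          user: profile
        }
      }
      if (Date.now() < token.expiresAt) {
        return token
      }
      // Author's observation: refreshAccessToken obtains a new token, but the
      // returned value is not saved, so the next request refreshes again.
      return refreshAccessToken(token)
    },
    // Copies the profile and the current access token onto the session.
    session: async ({ session, token }) => {
      session.user = token.user
      // NOTE(review): the session object is what NextAuth hands to the client,
      // so the access token becomes readable by browser code. Confirm that is
      // intended.
      session.token = token.accessToken
      return session
    }
  },
  // NOTE(review): verbose auth logging; review before running in production.
  debug: true
})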
请提供任何帮助。这是简化的示例:
// Minimal reproduction of the reported problem: a jwt callback that, once the
// token has expired, writes a marker into it and returns it.
jwt: async ({ token, user, account }) => {
  // Logged on every invocation so the incoming value can be inspected.
  console.log(token.expiresAt)
  // Author's observation: the value logged above is never 'hey', i.e. the
  // write further down is not visible on later calls.
  if (account && user) {
    // Sign-in: build the initial payload from the backend tokens.
    return {
      accessToken: user.tokens.access,
      refreshToken: user.tokens.refresh,
      expiresAt: Date.now() + 10 * 1000,
      user
    }
  }
  // Still valid: return the token unchanged.
  if (Date.now() < token.expiresAt) {
    return token
  }
  // Expired: mutate the token with a marker value and return it.
  token.expiresAt = 'hey'
  return token
}
这似乎是许多开发人员目前都遇到的 next-auth 错误。新刷新的令牌不会被持久化,next-auth 始终重用登录时收到的第一个令牌。以下是相关讨论:
https://github.com/nextauthjs/next-auth/issues/7558 https://github.com/nextauthjs/next-auth/discussions/6642