Goals
By executing the above in the session callback, token rotation can be more easily implemented.
Non-Goals
No response
Background
When implementing token rotation using the database strategy, the database must be manipulated directly.
As in the following example from the documentation:
const prisma = new PrismaClient()

export default Auth(new Request("https://example.com"), {
  adapter: PrismaAdapter(prisma),
  ...
  callbacks: {
    async session({ session, user }) {
      const [google] = await prisma.account.findMany({
        where: { userId: user.id, provider: "google" },
      })
      if (google.expires_at * 1000 < Date.now()) {
        // If the access token has expired, try to refresh it
        try {
          /* Get new access token */
          await prisma.account.update({
            data: {
              access_token: tokens.access_token,
              expires_at: Math.floor(Date.now() / 1000 + tokens.expires_in),
              refresh_token: tokens.refresh_token ?? google.refresh_token,
            },
            where: {
              provider_providerAccountId: {
                provider: "google",
                providerAccountId: google.providerAccountId,
              },
            },
          })
          ...
})
I think these operations should be able to be performed in abstraction via functions in the adapter.
Proposal
Add functions like getAccountByUser and updateAccount to the adapter. The user then no longer needs to directly manipulate the database client as follows:
const prisma = new PrismaClient()
const adapter = PrismaAdapter(prisma)

export default Auth(new Request("https://example.com"), {
  adapter,
  ...
  callbacks: {
    async session({ session, user }) {
      const google = await adapter.getAccountByUser({
        userId: user.id,
        provider: "google",
      })
      if (google.expires_at * 1000 < Date.now()) {
        // If the access token has expired, try to refresh it
        try {
          /* Get new access token */
          await adapter.updateAccount({
            userId: user.id,
            provider: "google",
            providerAccountId: google.providerAccountId,
            access_token: tokens.access_token,
            expires_at: Math.floor(Date.now() / 1000 + tokens.expires_in),
            refresh_token: tokens.refresh_token ?? google.refresh_token,
          })
          ...
})
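The following is an added example, not part of the original post and not the project's own code. It shows the rotation step from the proposal written against the two proposed adapter functions, with a per-account in-flight guard so that concurrent session callbacks do not send the same refresh token twice. Assumptions: `getAccountByUser` and `updateAccount` are the hypothetical functions named in the proposal, `memoryAdapter`, `getFreshAccount` and `refreshFn` are illustrative names, and the guard only covers a single process.

```javascript
// Added example. getAccountByUser / updateAccount are the functions proposed
// above; they are hypothetical, and this in-memory adapter stands in for a database.
function memoryAdapter(accounts) {
  const key = ({ userId, provider }) => `${userId}:${provider}`
  const store = new Map(accounts.map((a) => [key(a), { ...a }]))
  return {
    async getAccountByUser(query) {
      const account = store.get(key(query))
      return account ? { ...account } : null
    },
    async updateAccount({ userId, provider, ...data }) {
      const k = key({ userId, provider })
      if (!store.has(k)) throw new Error("account not found")
      store.set(k, { ...store.get(k), ...data })
      return { ...store.get(k) }
    },
  }
}

// One pending lookup/refresh per account in this process, so concurrent
// session callbacks never send the same refresh token twice.
const inFlight = new Map()

// refreshFn(refresh_token) is a stand-in for the provider's token endpoint and
// resolves to { access_token, expires_in, refresh_token? }.
function getFreshAccount(adapter, { userId, provider }, refreshFn, now = Date.now) {
  const k = `${userId}:${provider}`
  if (!inFlight.has(k)) {
    const pending = (async () => {
      const account = await adapter.getAccountByUser({ userId, provider })
      // Same expiry test as the post: expires_at is in seconds.
      if (!account || account.expires_at * 1000 >= now()) return account
      // A rejected refresh propagates to the caller and leaves the stored row unchanged.
      const tokens = await refreshFn(account.refresh_token)
      return adapter.updateAccount({
        userId,
        provider,
        providerAccountId: account.providerAccountId,
        access_token: tokens.access_token,
        expires_at: Math.floor(now() / 1000 + tokens.expires_in),
        // Providers that do not rotate omit refresh_token: keep the stored one.
        refresh_token: tokens.refresh_token ?? account.refresh_token,
      })
    })()
    inFlight.set(k, pending.finally(() => inFlight.delete(k)))
  }
  return inFlight.get(k)
}
```
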