Manually trigger next-auth to refresh the JWT #6252

Closed
iakovosvo opened this issue Jan 2, 2023 · 1 comment

iakovosvo commented Jan 2, 2023

Hi Devs, I have a situation where the user can update their personal details and some of those details are also used to make up the payload of the JWT that is generated by the server. Therefore an action performed by the client can actually cause the token to contain stale data. I have been provided with an endpoint that will regenerate a new token on the server side and return it to the client. So I would be able to hit this endpoint and get a new token after the user updates their details in this way. My question is how can I get next-auth to accept a new token and start using it for the current and subsequent sessions? I've already read through #371 but I've not seen a solution that will deliver the right behaviour in my case.

Some additional info:
I am aware of the jwt() callback that you can supply to next-auth, here's my understanding of how it works:

  • A token returned by the jwt() callback will be saved by next-auth for use in the current and subsequent sessions. (I assume that this would probably provide the behaviour I'm looking for if I could get jwt() to return the new token)

  • The jwt() callback fires each time a call to the getSession() hook is made, so it could be triggered manually by making use of that hook.

Even though next-auth has provided a way to get the jwt() callback to fire on command, it seems like I don't have a way to get control over the arguments passed to the jwt() callback. Therefore I don't see how I would be able to write any logic inside this callback to return a new token even if the token has not expired and is still valid etc.

See below from the docs (I've inserted some comments to highlight my problem)

  callbacks: {
    async signIn({ user, account, profile, email, credentials }) {
      return true
    },
    async redirect({ url, baseUrl }) {
      return baseUrl
    },
    async session({ session, user, token }) {
      return session
    },
    async jwt({ token, user, account, profile, isNewUser }) {

      // if token is expired
      if (token.expiresAt < new Date()) {
         // regenerate and return new token
      }

      // no control over the arguments passed here
      // can't write logic here to regenerate token on command even if it's not expired.

      return token
    }
  }

If anyone could point me in the right direction that would be a massive help, I'm not sure where to look at this point. I'm also not sure if the operation that I'm attempting to describe has a name (session mutation?) so even pointing me at some similar questions or threads that solve my issue under a different name would be great. Please ask me to clarify if I haven't provided enough of an explanation.

Cheers.

Originally posted by @MaxRandle in #4229
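
An added example, not part of the post above and not next-auth's own code: one way to refresh stale profile claims inside jwt(), assuming a later next-auth release in which jwt() receives a `trigger` argument that is "update" when the client calls `useSession().update()`. `fetchProfile` is a hypothetical stand-in for the server-side lookup, and `token.sub` is assumed to hold the backend user id; the claims are re-read from the server rather than taken from the browser, and the token's identity is never changed.

```javascript
// Added example. Assumptions: jwt() is passed `trigger` ("update" on a client
// update request); fetchProfile(userId) is a hypothetical server-side lookup.

// Only these claims may change after sign-in; everything else stays as issued.
const PROFILE_CLAIMS = ["name", "email", "picture"];

// Return a copy of `token` with allow-listed claims taken from the server record.
// The original token is returned untouched if the record is missing or belongs
// to a different user, so a refresh can never switch or elevate the identity.
function mergeClaims(token, profile) {
  if (!profile || profile.id !== token.sub) return token;
  const next = { ...token };
  for (const key of PROFILE_CLAIMS) {
    if (typeof profile[key] === "string") next[key] = profile[key];
  }
  return next;
}

// Build the jwt() callback around an injectable lookup so it can be stubbed.
function makeJwtCallback(fetchProfile) {
  return async function jwt({ token, trigger }) {
    // Normal reads (getSession, page loads): keep the token as it is.
    if (trigger !== "update") return token;
    // Any data the client sends with the update request is ignored on purpose:
    // the new claim values come from the server's own record.
    const profile = await fetchProfile(token.sub);
    return mergeClaims(token, profile);
  };
}

// Wiring sketch (constructed):
//   callbacks: { jwt: makeJwtCallback((id) => db.users.findById(id)) }
```
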

balazsorban44 (Member) commented Jan 2, 2023

Hi, the discussion for this already exists.

I had an idea before, but it only works nicely for database-persisted sessions. See: #3941 (comment)

It's not trivial to do this for the JWT session strategy, as there is no persistence and a re-login would destroy the session anyway. But let's not fragment the discussion and keep it in the original thread. 👍
