I have the following code in authOptions.ts in Next.js 14 with NextAuth v4. I'm using an external JWT issued by my backend.
import NextAuth, { NextAuthOptions } from "next-auth"
import CredentialsProvider from "next-auth/providers/credentials"
import { JWT } from "next-auth/jwt"
// Base URL of the external auth backend. authorize() POSTs the user's plaintext
// password to `${API_ENDPOINT}/auth/login`, so the scheme of this URL decides
// whether credentials travel encrypted; the fallback is plain http and only
// suits a local/dev host.
// NOTE(review): Next.js inlines NEXT_PUBLIC_-prefixed variables into the browser
// bundle. authorize() runs on the server, so a server-only variable would be
// enough for this call; confirm whether client code also needs the URL.
const API_ENDPOINT: string = process.env.NEXT_PUBLIC_API_URL || "http://myapp.test/api"
/**
 * Error that carries a numeric status alongside its message.
 *
 * In this file it is thrown by authorize() with the `message` and `status`
 * fields taken from the backend's login response.
 */
class CustomError extends Error {
  status: number;

  /**
   * @param message Human-readable failure description.
   * @param status Numeric status to attach to the error.
   */
  constructor(message: string, status: number) {
    super(message);
    const ctor = this.constructor;
    this.status = status;
    // Set the name before capturing the stack so the trace header shows it.
    this.name = ctor.name;
    // Drop the constructor frame itself from the captured stack trace.
    Error.captureStackTrace(this, ctor);
  }
}
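/**
 * NextAuth (v4) configuration for email/password sign-in against an external
 * backend that issues its own JWT.
 *
 * The session's `expires` value is generated by NextAuth and is independent of
 * the backend's `authorization.expiresAt`; nothing in this configuration ties
 * the two together.
 */
const authOptions: NextAuthOptions = {
  providers: [
    CredentialsProvider({
      type: "credentials",
      name: "Email and Password",
      credentials: {
        email: { label: "Email", type: "email", placeholder: "Your Email" },
        password: { label: "Password", type: "password" },
      },
      /**
       * Forwards the submitted email and password to the backend login endpoint.
       *
       * @returns The `data` member of the backend response on success, or
       *   `null` when a credential is missing or the response has no data.
       * @throws CustomError with the backend's message and status when the
       *   backend rejects the login.
       */
      async authorize(credentials) {
        // Do not log `credentials`: it contains the plaintext password, which
        // would then persist in server logs and any log aggregation behind them.
        if (!credentials?.email || !credentials?.password) return null
        const { email, password } = credentials
        const res = await fetch(`${API_ENDPOINT}/auth/login`, {
          method: "POST",
          body: JSON.stringify({
            email,
            password,
          }),
          headers: {
            "Content-Type": "application/json",
            Accept: "application/json",
          },
        })
        // An error page from a proxy or gateway may not be JSON; a parse failure
        // must not replace the real HTTP outcome with an unrelated SyntaxError.
        const response = await res.json().catch(() => null)
        if (!res.ok) {
          throw new CustomError(
            response?.message ?? "Login failed",
            response?.status ?? res.status
          )
        }
        return response?.data ?? null
      },
    }),
  ],
  callbacks: {
    /**
     * On sign-in (`user` is set) merges everything authorize() returned into the
     * NextAuth token, so the backend's `user` and `authorization` objects are
     * stored in it; on later calls the token is returned unchanged.
     */
    async jwt({ token, user }) {
      if (user) {
        return { ...token, ...user }
      }
      return token
    },
    /**
     * Copies `user` and `authorization` from the token onto the session object.
     *
     * NOTE(review): the session is what `useSession()` returns in the browser, so
     * this hands the backend bearer token to client-side JavaScript. If only
     * server code calls the backend, consider keeping `authorization` out of
     * the session.
     */
    async session({ token, session }) {
      session.user = token.user
      session.authorization = token.authorization
      return session
    },
  },
  pages: {
    signIn: "/auth/login",
  },
}

export { authOptions }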
My next-auth.d.ts
import NextAuth from "next-auth";
// Augments NextAuth's Session type with the fields the session callback copies
// from the token: the backend user profile and the backend-issued token details.
declare module "next-auth" {
interface Session {
// Profile fields of the signed-in user.
user: {
id: number;
email: string;
name: string;
status: string;
// NOTE(review): the sample session on this page shows "avatar": null, which
// `avatar?: string` does not admit under strictNullChecks; confirm what the backend sends.
avatar?:string;
};
// Backend-issued access token details.
authorization: {
// The backend's bearer JWT. Anything declared on Session is readable wherever
// the session is read, including useSession() in the browser.
token: string;
type: string;
// Presumably Unix epoch seconds (the sample value is 1711277501); verify against the backend.
expiresAt: number
};
}
}
import { JWT } from "next-auth/jwt"
// Augments NextAuth's JWT type with the fields the jwt callback merges in from
// the value authorize() returns: the backend user profile and token details.
declare module "next-auth/jwt" {
interface JWT {
// Profile fields of the signed-in user.
user: {
id: number;
email: string;
name: string;
status: string;
// NOTE(review): the sample session on this page shows "avatar": null, which
// `avatar?: string` does not admit under strictNullChecks; confirm what the backend sends.
avatar?:string;
};
// Backend-issued access token details carried inside the NextAuth token.
authorization: {
// The backend's bearer JWT.
token: string;
type: string;
// Presumably Unix epoch seconds (the sample value is 1711277501); verify against the backend.
expiresAt: number
};
}
}
When the login succeeds, I get the following response:
// Client-side debug snippet: reads the current NextAuth session and prints it.
// The printed object includes `authorization.token` (the backend bearer token),
// so this belongs in local debugging only, not in shipped code.
const session = useSession().data;
console.log({ session });
{
"user": {
"id": 1,
"name": "User One",
"email": "[email protected]",
"status": "active",
"avatar": null
},
"expires": "2024-04-23T09:51:41.208Z",
"authorization": {
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vYmVzc2VudGlhbHMudGVzdC9hcGkvYXV0aC9sb2dpbiIsImlhdCI6MTcxMTI3MzkwMSwiZXhwIjoxNzExMjc3NTAxLCJuYmYiOjE3MTEyNzM5MDEsImp0aSI6IlpzUjZyUHdHaHU1bVJVSEMiLCJzdWIiOiIxIiwicHJ2IjoiMjNiZDVjODk0OWY2MDBhZGIzOWU3MDFjNDAwODcyZGI3YTU5NzZmNyJ9.nplynjW_PgzeAPyBnDZJI0vp3Wv9ehpAdQqME12mzsE",
"type": "bearer",
"expiresAt": 1711277501
}
}
In the session data above, `expiresAt` is sent by the external server, whereas `expires` is generated by NextAuth.
I want to expire the session (sign the user out) when the token expires. How do I configure/tell NextAuth to watch `expiresAt` as the token time instead of `expires`?
You asked "How do i configure/tell next auth to watch expiresAt as token time instead of expires?"
The Answer: You just can't.
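Your server-generated token and the next-auth session do not work the same way: `expires` is the lifetime of NextAuth's own session, while `expiresAt` belongs to the token your backend issued.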
Balázs Orbán from the core team says
The rest of the discussion can be found on this link: https://github.com/nextauthjs/next-auth/discussions/2790
Of course, you can still terminate the user's session once your server-generated token expires, but that is a separate question which I will not address here.