Next-Auth Session and FusionAuth #12792
Unanswered
richardvaldiviesom
asked this question in
Help
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi, I am new using Next-Auth. I am using FusionAuth as my provider. When the user login to my app it has a profile section that it is another web app. In there users can change their password. When an user change its password and comeback to the their main site they look like they are still login because next-auth still have a valid session. I want the app show the login, but since the useSession only look for the next-auth session it will find one because the password change did not validate that session. I was thinking to use the session callback to reach fusionauth to check if the refresh token is valid. However, if feels like this would be open some problems like calling this provider many times when useSession is called or generate new refresh token indefinitely (fusionauth client has a method exchangeRefreshTokenForJWT which check if the token is valid). How can I approach this? Here is a recap what is happening:
users login to Application A
users go to profile that opens Application B
users change password in Application B and logout
fusionauth as providers has a revocation policy after password change (this is not a problem of next-auth and just explaining what happens)
users come back to Application A and try to go to a protect resource. That resource is still show because I have not clear the next-auth session (I do not know how to do it)
Beta Was this translation helpful? Give feedback.
All reactions