I have a NestJS backend that exposes the following API:
@Post('sign-in-with-google-account')
async signInWithGoogleAccount(
@Body body: { idToken: string },
@Res({ passthrough: true }) response: Response
) {
const user = await getUserFromGoogleIdToken(body.idToken)
const tokens = await generateAccessAndRefreshTokensForUser(user)
response.cookie('refreshToken', tokens.refreshToken, {
httpOnly: true,
expires: new Date(tokenExpirationDate),
secure: true,
sameSite: 'none'
})
return { accessToken: tokens.accessToken }
}
It receives id token from google oauth, finds the user in the DB and signs a JWT access token and refresh token. The refresh token is stored as httpOnly cookie and the access token is returned.
Now in my next.js app configured with next-auth I have the following:
import GoogleProvider from "next-auth/providers/google";
...
providers: [
GoogleProvider({
clientId: process.env.GOOGLE_CLIENT_ID,
clientSecret: process.env.GOOGLE_CLIENT_SECRET
})
]
...
The issue at hand is that next-auth generates its own tokens. However, I wish to instruct next-auth to utilize the access and refresh tokens from my NestJS backend instead. How can this be achieved?
Additionally, in NestJS I've implemented an API for refreshing the access token as shown below:
@Get('refresh-access-token')
async refreshAccessToken(@Req() request: Request) {
const accessToken = await getNewAccessTokenFromRefreshToken(request.cookies.refreshToken)
return { accessToken }
}
How can I specify to next-auth to refresh the access token using the refresh-access-token API every 10 minutes (the access token expiration date)?