How to Force Re-authentication in Next.js with Auth0 Using max_age Parameter

Overview
This article explains how to set the max_age parameter to force re-authentication in a Next.js implementation of Auth0. This ensures that users must log in again each time they connect to the server, similar to the behavior in native applications.
 
Applies To
  • Next.js
  • Auth0
  • Web applications requiring frequent re-authentication
Cause
The need to set the max_age parameter in Next.js arises from the requirement to prevent users from staying logged in indefinitely. This enhances security by forcing re-authentication upon each server connection.
 
Solution
To set the max_age parameter in a Next.js application using Auth0, modify the route.ts file as follows:
  • Modify Route Configuration:
    Update route.ts so that the login handler passes max_age inside authorizationParams. This forces re-authentication every time users connect to the server.

// app/api/auth/[auth0]/route.ts
import { handleAuth, handleLogin } from '@auth0/nextjs-auth0';

export const GET = handleAuth({
  // Customize the login handler so every /api/auth/login request
  // sends max_age=0 to Auth0, which requires a fresh authentication.
  login: handleLogin((req) => {
    return {
      authorizationParams: { max_age: 0 }
    };
  })
});

Explanation:
  • The handleLogin function is used to customize the login handler.
  • Setting max_age: 0 within the authorizationParams ensures that the user will be re-authenticated every time they connect.
  • By implementing this change, users will be prompted to log in again upon each server connection, thus meeting the requirement for frequent re-authentication.
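As an added example (not part of the Auth0 article), a server-side freshness check that confirms the re-authentication actually happened: per OpenID Connect Core, when max_age is sent the returned ID token must contain an auth_time claim, and the application can compare that claim with the max_age it requested. The function names and the sample token are constructed; signature verification is assumed to have been done already by the SDK.

```typescript
// Added example: verify that an ID token reflects a fresh login when max_age was sent.
// Assumes the token signature was already validated (e.g. by @auth0/nextjs-auth0);
// this only checks the auth_time claim. All names here are hypothetical.

interface IdTokenClaims {
  sub: string;
  iat: number;
  auth_time?: number; // required by OIDC Core whenever max_age was requested
}

// Decode the JWT payload segment (base64url, no padding) without verifying it.
function decodePayload(idToken: string): IdTokenClaims {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4)));
}

// True only if auth_time is present, not in the future, and no older than maxAge
// seconds (plus a small clock-skew allowance, constructed default of 60 s).
function isFreshAuthentication(
  claims: IdTokenClaims,
  maxAge: number,
  now: number,
  skewSeconds = 60,
): boolean {
  if (typeof claims.auth_time !== 'number') return false; // missing claim: reject
  if (claims.auth_time > now + skewSeconds) return false; // issued "in the future"
  return now - claims.auth_time <= maxAge + skewSeconds;
}

// Constructed sample token: real header/payload encoding, dummy signature segment.
function makeSampleToken(authTime: number): string {
  const enc = (o: object) =>
    btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  const header = enc({ alg: 'RS256', typ: 'JWT' });
  const payload = enc({ sub: 'auth0|example', iat: authTime, auth_time: authTime });
  return `${header}.${payload}.sig`;
}

function checkSampleToken(idToken: string, maxAge: number, now: number): boolean {
  return isFreshAuthentication(decodePayload(idToken), maxAge, now);
}
```

With max_age: 0 as in the route above, a token whose auth_time is more than the skew allowance old is rejected, so a stale Auth0 session that was silently reused can be detected rather than trusted.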
