Sync Session with Auth0 when Using Next.js

Overview

This article provides a method to synchronize the Next.js application session with the Auth0 tenant-level session lifetime. When using the nextjs-auth0 library, two distinct sessions exist: the Auth0 session, governed by tenant lifetime settings like "Inactivity timeout," and the separate Next.js application session. An issue can occur when the Auth0 session expires, but the application session remains active, which prevents the user from being prompted to re-authenticate.

Applies To

  • Auth0
  • Next.js
  • Sync Session
  • nextjs-auth0

Solution

The Next.js Software Development Kit (SDK) does not include a built-in handler to automatically synchronize sessions. To resolve this, configure silent authentication to keep the application session aligned with the Auth0 session. For this approach, it is recommended to include prompt=none in the authorize request. For implementation details, refer to the official documentation on Using Silent Authentication.

For an example of how prompt=none can be added to the Next.js authorize requests, please see this comment.
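
The silent-authentication round trip described above, as an added example that is not from this article or the nextjs-auth0 SDK: it builds an /authorize request carrying prompt=none and decides what the application session should do with the callback. The function names, tenant domain, client ID, redirect URI and state values are constructed placeholders; the error codes are the ones OpenID Connect defines for a prompt=none request that cannot complete without user interaction.

```javascript
// Added example; all names and values below are assumptions, not SDK code.
// OIDC errors meaning "the Auth0 session cannot be reused silently".
const SILENT_FAILURES = new Set([
  "login_required",
  "consent_required",
  "interaction_required",
]);

// Build the /authorize request with prompt=none so Auth0 answers without UI.
function buildSilentAuthorizeUrl({ domain, clientId, redirectUri, state }) {
  const url = new URL(`https://${domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: "openid profile email",
    state,
    prompt: "none",
  }).toString();
  return url.toString();
}

// Map the callback onto an action for the application session.
function classifyCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  // A missing or mismatched state means the response is not ours: ignore it.
  if (params.get("state") !== expectedState) return "reject";
  const error = params.get("error");
  if (error) {
    // Auth0 session expired: drop the app session and force an interactive login.
    return SILENT_FAILURES.has(error) ? "clear_session_and_login" : "reject";
  }
  // A code means the Auth0 session is still valid: exchange it and refresh.
  return params.get("code") ? "refresh_session" : "reject";
}

// Constructed sample input.
const request = buildSilentAuthorizeUrl({
  domain: "example.auth0.com",
  clientId: "PLACEHOLDER_CLIENT_ID",
  redirectUri: "https://app.example.com/callback",
  state: "abc123",
});
const expired = "https://app.example.com/callback?error=login_required&state=abc123";
console.log(request);
console.log(classifyCallback(expired, "abc123"));
```
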
