This article discusses common issues encountered when configuring token refresh when utilizing the Nextis-auth0 SDK with the Next-URQL client in production. 

• NextJS-Auth0 SDK
• Token Refresh

On the backend side, the Next.js implementation uses methods such as getAccessToken(). This will not work as the /authorize request is designed for use in an IFRAME for Silent Authentication, or a POST to the /oauth/token endpoint if a Refresh Token is present. This is not possible in a backend application.

To use Refresh Tokens in our Next.js SDK, do the following:

• Include the offline_access scope in the configuration (or AUTH0_SCOPE).
• Check “Allow Offline Access” in the API Settings.
• Make sure the “Refresh Token” grant is enabled in the Application Settings (this is the default).