Work around for pulling a large amount of data in the JWT callback? #3021
Hey everyone, I am using the JWT callback with a Discord provider to pull more information using the access token. Problem is, when I set the property in the token to then be passed to the session callback, the promise doesn't resolve and the session is never created. Here is my NextAuth function.

```js
import NextAuth from 'next-auth';
import DiscordProvider from 'next-auth/providers/discord';

export default NextAuth({
  providers: [
    DiscordProvider({
      clientId: process.env.DISCORD_ID,
      clientSecret: process.env.DISCORD_SECRET,
      authorization: {
        params: {
          scope: 'identify email guilds'
        }
      }
    }),
  ],
  session: {
    jwt: true
  },
  callbacks: {
    async jwt({ token, user, account, profile }) {
      // `user` is only set on sign-in, so the guild lookup runs once per login
      if (user) {
        // Fetch the user's guild list from Discord with the OAuth access token
        const res = await fetch('https://discord.com/api/users/@me/guilds', {
          headers: { Authorization: `Bearer ${account.access_token}` }
        });
        //profile.guilds = await res.json();
        token.profile = profile;
        token.accessToken = account.access_token;
        token.refreshToken = account.refresh_token;
      }
      return Promise.resolve(token);
    },
    async session({ session, token }) {
      // Copy values from the JWT onto the session object returned to the client
      session.user.accessToken = token.accessToken;
      session.user.refreshToken = token.refreshToken;
      session.user.profile = token.profile;
      console.log(token.profile.guilds);
      return Promise.resolve(session);
    }
  }
});
```

This works until I comment out the line to set the profile.guilds to the data pulled. The data is also successfully fetched when outputting to console.log. The only thing I can think of is the data amount is too large for JWT if Chrome is restricting the cookie size? If anyone has any other ideas let me know! The only thing I can seem to make work is by putting it in the session callback but that's a no-no for working with the API. I don't want to spam the API for every session call and end up having the user be rate-limited.

Next-Auth v4
Replies: 2 comments 1 reply
Unrelated, but you should NOT expose the refresh token to the client. About the size limit, a cookie can only be 4096 bytes. Until we implement something like chunking, you'll have to use a database adapter to overcome the limit. See the docs disadvantages section https://next-auth.js.org/faq#json-web-tokens
Update, cookie chunking is on the way! #3101 🎉
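The two points from the first reply (the 4096-byte cookie limit and keeping the refresh token away from the client), sketched as an added example that is not code from this thread or from the NextAuth project. It trims the guild list, estimates the cookie size before storing it in the token, and builds a session object without tokens. The function names, the 300-byte overhead allowance, the rough size estimate and the sample guilds are all assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical, not a NextAuth API.
const COOKIE_LIMIT = 4096; // per-cookie byte limit quoted in the reply
const OVERHEAD = 300; // assumed allowance for token header/IV/tag, cookie name and attributes

// Keep only the guild fields the app needs.
function compactGuilds(guilds) {
  return guilds.map(({ id, name }) => ({ id, name }));
}

// Rough cookie size: JSON payload after base64url's 4/3 expansion, plus overhead.
function estimateCookieBytes(payload) {
  const jsonBytes = Buffer.byteLength(JSON.stringify(payload), 'utf8');
  return Math.ceil(jsonBytes / 3) * 4 + OVERHEAD;
}

// Body for the jwt callback on first sign-in.
function buildToken(token, account, guilds) {
  const base = {
    ...token,
    accessToken: account.access_token,
    refreshToken: account.refresh_token, // stays in the token, never copied to the session
  };
  const withGuilds = { ...base, guilds: compactGuilds(guilds) };
  if (estimateCookieBytes(withGuilds) <= COOKIE_LIMIT) return withGuilds;
  // Too large for one cookie: flag it so the server loads guilds from a store instead.
  return { ...base, guildsOmitted: true };
}

// Body for the session callback: only non-secret fields reach the browser.
function buildSession(session, token) {
  return {
    ...session,
    user: {
      ...session.user,
      guilds: token.guilds ?? [],
      guildsOmitted: token.guildsOmitted === true,
    },
  };
}

// Constructed sample data shaped like Discord guild objects.
function makeGuilds(n) {
  return Array.from({ length: n }, (_, i) => ({
    id: '10000000000000' + String(1000 + i),
    name: `Guild ${i}`,
    icon: null, owner: false,
    permissions: '2147483647', features: ['COMMUNITY', 'NEWS'],
  }));
}
```

In a NextAuth config, the `jwt` callback would call `buildToken` inside its `if (user)` branch and the `session` callback would return `buildSession(session, token)`.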