Access stored next-auth session token information on server #3572
Unanswered
LNFWebsite asked this question in Help
Replies: 1 comment
-
The NextAuth.js JWT session is only meant for the same app. Use your provider's access token.
-
Hi, for background I'm trying to create a single sign-on solution between two applications run on the same server/hostname (one is a Next app with NextAuth and the other is a simple node http/ws server). Since it appears that the JWT is stored within the cookie __Secure-next-auth.session-token= I can access this header data and would like to verify this session is active and valid outside of NextAuth on a Node app which runs outside of the Next app (so I can't use the typical getSession method). Does anyone here know where I can gather the session information to check for valid sessions?
Basically I'm looking for the server's copy of the JSON web token used for sessions.
Edit: I see now reviewing the code that JWTs are stateless so I have to essentially do what this function is doing:
next-auth/src/jwt/index.ts, line 30 in 87d0beb
I'm still a little confused as to how to know whether the token is authorized or not. What will jwtDecrypt return with an invalid token? And where is the secret which is passed into getDerivedEncryptionKey generated?:
next-auth/src/jwt/index.ts, line 21 in 87d0beb
Thanks
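The stateless decode step the question describes, written with only Node's built-in crypto module, as an added example that is not code from this thread or from NextAuth.js. Assumptions: the token uses the NextAuth.js v4 defaults (JWE compact form, alg "dir", enc "A256GCM", key derived by HKDF-SHA256 with an empty salt and the info string shown), the secret is the same value configured for the Next app, and an `exp` claim is always present; `decodeSessionToken` and `makeSampleToken` are hypothetical names.

```javascript
// Added example: decode a NextAuth-style encrypted session JWT outside the Next app.
const crypto = require("node:crypto");

// Assumption (NextAuth.js v4 defaults; check your installed version):
// key = HKDF-SHA256(secret, salt "", info below, 32 bytes); JWE uses alg "dir", enc "A256GCM".
const HKDF_INFO = "NextAuth.js Generated Encryption Key";
const b64u = (s) => Buffer.from(s, "base64url");

function deriveKey(secret) {
  return Buffer.from(crypto.hkdfSync("sha256", secret, "", HKDF_INFO, 32));
}

// Returns the claims object, or null when the token is malformed, was not
// encrypted with this secret, has been tampered with, or has expired.
function decodeSessionToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  try {
    const parts = String(token).split(".");
    if (parts.length !== 5) return null;
    const [hdr, encKey, iv, ct, tag] = parts;
    const header = JSON.parse(b64u(hdr).toString("utf8"));
    // Pin the algorithms; never let the token header choose them.
    if (header.alg !== "dir" || header.enc !== "A256GCM" || encKey !== "") return null;
    const tagBuf = b64u(tag);
    if (tagBuf.length !== 16 || b64u(iv).length !== 12) return null;
    const d = crypto.createDecipheriv("aes-256-gcm", deriveKey(secret), b64u(iv));
    d.setAAD(Buffer.from(hdr, "ascii")); // AAD is the protected header exactly as sent
    d.setAuthTag(tagBuf);
    const claims = JSON.parse(Buffer.concat([d.update(b64u(ct)), d.final()]).toString("utf8"));
    if (typeof claims.exp !== "number" || claims.exp <= nowSec) return null;
    return claims;
  } catch {
    return null; // GCM tag mismatch (wrong secret or modified token) or invalid JSON
  }
}

// Constructed helper: builds a sample token in the same format, for testing only.
function makeSampleToken(claims, secret) {
  const hdr = Buffer.from(JSON.stringify({ alg: "dir", enc: "A256GCM" })).toString("base64url");
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", deriveKey(secret), iv);
  c.setAAD(Buffer.from(hdr, "ascii"));
  const ct = Buffer.concat([c.update(JSON.stringify(claims), "utf8"), c.final()]);
  return [hdr, "", iv.toString("base64url"), ct.toString("base64url"),
          c.getAuthTag().toString("base64url")].join(".");
}
```

A non-null result only shows that the token was issued with the shared secret and has not expired; there is no server-side session record to consult, so a token cannot be revoked before its `exp`.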