getSession without token request

[hboylan]

Hi, I am wondering if it is possible (or even best practice) to get an existing user session without making an additional request to the OAuth provider for a token.

For example, the user has authenticated, received a JWT, created a session and accessed an authenticated page. Now, the user wants to visit a different authenticated page with getServerSideProps being used to fetch some data for the page. This requires an await getSession(ctx), which adds latency overhead because it is getting a fresh JWT. I wonder if it's possible to simply use the existing session if it's already set in the request cookies and unexpired.

Example:

// pages/dashboard.tsx
import Link from 'next/link'
import { useSession } from 'next-auth/react'

const Dashboard = () => {
  const { data: session } = useSession()
  
  return (
    <>
      <h1>Hi {session.name}!</h1>
      <Link href="/dashboard/item"><a>Some other page</a></Link>
    </>
  )
}

export default Dashboard

// pages/dashboard/item.tsx
const DashboardItem = ({ data }) => {
  const { data: session } = useSession()

  return (
    <ul>
      {data.map(item => <li key={item.id}>{item.title}</li>)}
    </ul>
  )
}

export const getServerSideProps = async ctx => {
  const session = await getSession(ctx) // this session should already exist in cookies

  if (!session) {
    // redirect or whatevs
  }
  
  const res = await fetch('https://some.fake.api', {
    headers: {
      Authorization: `Bearer ${session.accessToken}`
    }
  })
  const data = await res.json()

  return {
    props: { data, session },
  }
}

export default DashboardItem

Edit:
After some digging, I found getServerSession may be used in getServerSideProps to forgo the HTTP overhead of calling /api/auth/session via HTTP, but it still includes the overhead of calling the OAuth provider.

Just trying to figure out how to eliminate the ~100-400ms latency of calling the OAuth provider on page changes. 🤔

[alessandrojcm]

What's your jwt callback like? If the token is serialized to the cookie (which is the default I think), then you could check for the expiration timestamp on the jwt callback and just return the token if it is still valid; that's how we do it in our application.

[hboylan]

Hey @alessandrojcm I am doing the same with the jwt callback, but it appears to be called after hitting the OAuth API because I see log activity after every call to getSession

[alessandrojcm]

Hm, and have you tried with getToken?

[hboylan]

Yes, but I believe it's intended to be used on API endpoints rather than getServerSideProps.

// Type 'IncomingMessage & { cookies: NextApiRequestCookies; }' is missing the following properties from type 'NextApiRequest': query, body, env
const token = await getToken({ req: context.req })

[hboylan]

Then the session could not be passed down as props in the case where this is actually the initial session.

return {
  props: {
    session,
  },
}

[hboylan]

I'm a fool. My jwt callback was refreshing the token, causing the latency. Without this getServerSession(context, authOptions) works perfectly!