Hi I m setting up supertokens with Next js for the first tim SuperTokens.com #support-questions-legacy

Hi 👋 . I'm setting up supertokens with Next.js fo...

petrgazarov

04/23/2023, 7:28 AM

Hi 👋 . I'm setting up supertokens with Next.js for the first time and have a basic question. In SSR setup (https://supertokens.com/docs/thirdparty/nextjs/session-verification/in-ssr), the "needs-refresh" prop is added so that would "force the frontend to try and refresh". Is there a way for this to be done on the server? If done on the FE, I think that means SSR isn't really working as it should.

rp_st

04/23/2023, 7:34 AM

Hey @petrgazarov

rp_st

04/23/2023, 7:35 AM

The refresh token is only stored on the client side. Therefore the refreshing request has to be initiated on the client

rp_st

04/23/2023, 7:35 AM

SSR would still be happening on the server though.

petrgazarov

04/23/2023, 7:43 AM

By SSR I mean that the browser would receive a blank page. (since I'm doing to prevent a flash on the FE

Copy code

if (pageProps.fromSupertokens === 'needs-refresh') {
    return null;
  }

) The redirect to auth from there (and the rendering of the login page) happens on the browser, I think.

petrgazarov

04/23/2023, 7:45 AM

It would be nice if the redirect happened on the server so that the server can actually render the auth page and return it back to the browser. just a hot take, no idea if this is even possible

rp_st

04/23/2023, 7:45 AM

Right yea. That’s in case the session doesn’t exist.

rp_st

04/23/2023, 7:46 AM

Well, the refresh token is stored on the client, so the server doesn’t really have a way to know for sure if the refresh token exists or not

petrgazarov

04/23/2023, 7:46 AM

Gotcha

rp_st

04/23/2023, 7:47 AM

You could always hack around and set some custom cookie which is set post login and removed when logout

rp_st

04/23/2023, 7:48 AM

And then the server could see if this cookie exists, and if it does, send the refresh error to the frontend (the current flow)

rp_st

04/23/2023, 7:48 AM

Else directly redirect the user to the login page

rp_st

04/23/2023, 7:49 AM

Actually, now that I think of this

rp_st

04/23/2023, 7:49 AM

If the sAccessToken cookie is in the request, you could safely assume that the refresh token exists on the frontend, else not

rp_st

04/23/2023, 7:50 AM

So if the getSession fails, and if the sAccessToken is not in the request object, you can directly redirect to the login page

petrgazarov

04/23/2023, 7:50 AM

Good to know! Thanks

petrgazarov

04/23/2023, 8:04 AM

I added the following to getServerSideProps:

Copy code

if (!context.req.cookies['sAccessToken']) {
    return {
      redirect: {
        destination: `/auth?redirectToPath=${context.resolvedUrl}`,
        permanent: false,
      },
    };
  }

  // rest of the code

and now the server responds with 307 Temporary Redirect when the user is logged out 👍.

rp_st

04/23/2023, 8:05 AM

Yup. This works.

petrgazarov

04/23/2023, 8:05 AM

I noticed that the built-in /auth page is rendered entirely on the client (the server response is blank). Is there a way to make that page be rendered on the server?

rp_st

04/23/2023, 8:06 AM

That’s not possible as of today unfortunately. We will be working on it in the coming months.

rp_st

04/23/2023, 8:06 AM

You always have the option to build your own login UI

petrgazarov

04/23/2023, 8:06 AM

Okay, sounds good!

54 Views

Previous Next