You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A clear and concise description of what the bug is.
When having authentication enabled, fetch requests work at first, but then when the token expires, the getAccessToken function is triggered to refresh the token. However, it returns the same previous cached token causing subsequent requests to drupal to fail due to an Unauthorized 401 Error. From what I've seen, this is caused by the fact that Next caches everything by default and the fetch function for this token request does not have any cache or next: { revalidate } prop set.
With the revalidation features proposed on this PR to support NextJs revalidation options, I tried setting a cache: no-store or even a next: {revalidate: 0} prop to the fetch on the getAccessToken However, on production build I've faced a DYNAMIC_SERVER_USAGEerror.
The only way I worked around this is by actually setting a revalidate time to this. I've set a revalidate: 5. and now the token issue seems to solve, although I'm not really sure if this is the way to go.
Has someone else experienced this ?
async getAccessToken(
clientIdSecret?: NextDrupalAuthClientIdSecret
): Promise<AccessToken> {
if (this.accessToken) {
return this.accessToken
}
let auth: NextDrupalAuthClientIdSecret
if (isClientIdSecretAuth(clientIdSecret)) {
auth = {
url: DEFAULT_AUTH_URL,
...clientIdSecret,
}
} else if (isClientIdSecretAuth(this.auth)) {
auth = { ...this.auth }
} else if (typeof this.auth === "undefined") {
throw new Error(
"auth is not configured. See https://next-drupal.org/docs/client/auth"
)
} else {
throw new Error(
`'clientId' and 'clientSecret' required. See https://next-drupal.org/docs/client/auth`
)
}
const url = this.buildUrl(auth.url)
// Ensure that the unexpired token was using the same scope and client
// credentials as the current request before re-using it.
if (
this.token &&
Date.now() < this._tokenExpiresOn &&
this._tokenRequestDetails?.clientId === auth?.clientId &&
this._tokenRequestDetails?.clientSecret === auth?.clientSecret &&
this._tokenRequestDetails?.scope === auth?.scope
) {
this.debug(`Using existing access token.`)
return this.token
}
this.debug(`Fetching new access token.`)
// Use BasicAuth to retrieve the access token.
const clientCredentials: NextDrupalAuthUsernamePassword = {
username: auth.clientId,
password: auth.clientSecret,
}
const body = new URLSearchParams({ grant_type: "client_credentials" })
if (auth?.scope) {
body.set("scope", auth.scope)
this.debug(`Using scope: ${auth.scope}`)
}
const response = await this.fetch(url.toString(), {
method: "POST",
headers: {
Authorization: await this.getAuthorizationHeader(clientCredentials),
Accept: "application/json",
"Content-Type": "application/x-www-form-urlencoded",
},
body,
next: { revalidate: 5 },
})
await this.throwIfJsonErrors(
response,
"Error while fetching new access token: "
)
const result: AccessToken = await response.json()
this.token = result
this._tokenRequestDetails = auth
return result
}
Expected behavior
Once the token expires, getAccessToken should actually refetch a fresh one, and not return the original cached one.
Steps to reproduce:
First set up authentication on the NextDrupal client
Then wait until token expires
😢 you get Unauthorized - 401 error, and If you log the used token, you can see is the old one.
Additional context
The path where I'm testing this is /[lang]/page.tsx with a generateStaticParams
I'm using ClientId + ClientSecret auth.
next-drupal npm package 2.0 beta version
Nextjs App router v 14.2.3
The text was updated successfully, but these errors were encountered:
Package containing the bug
next-drupal (NPM package)
Describe the bug
A clear and concise description of what the bug is.
When having authentication enabled, fetch requests work at first, but then when the token expires, the
getAccessToken
function is triggered to refresh the token. However, it returns the same previous cached token causing subsequent requests to drupal to fail due to anUnauthorized 401 Error
. From what I've seen, this is caused by the fact that Next caches everything by default and the fetch function for this token request does not have anycache
ornext: { revalidate }
prop set.With the revalidation features proposed on this PR to support NextJs revalidation options, I tried setting a
cache: no-store
or even anext: {revalidate: 0}
prop to thefetch
on thegetAccessToken
However, on production build I've faced aDYNAMIC_SERVER_USAGE
error.The only way I worked around this is by actually setting a revalidate time to this. I've set a
revalidate: 5
. and now the token issue seems to solve, although I'm not really sure if this is the way to go.Has someone else experienced this ?
Expected behavior
Once the token expires,
getAccessToken
should actually refetch a fresh one, and not return the original cached one.Steps to reproduce:
Unauthorized - 401 error
, and If you log the used token, you can see is the old one.Additional context
generateStaticParams
The text was updated successfully, but these errors were encountered: