Next Auth JWT
Hello,
I have 3 questions regarding NextAuth with JWT as session strategy:
1. When I return in the authorize function something like
I get an error that authorize does not match the User type of NextAuth. I have tried to override this in
next-auth.d.ts file, unfortunately it did not work.
2. It it save to also send the user role in authorize?
3. Does the JWT refresh automatically when it expires when using CredentialsProvider?2 Replies
I'm not sure of the answer to 1 or 3, but for 2, you should handle all client access server-side
Obviously you can hide stuff that requires auth such as the username/pfp in a header or whatever
For 2, I want to protect pages based on user role. Currently, I am doing this in
getServerSideProps (with just http request) but was wondering it this would be also possible in NextAuth and tRPC