The Next-Auth session stores its data in cookies, so adding the necessary tokens for our authentication flow to the session object creates very large cookie headers (9 kB+). This in turn causes issues with the reverse proxies in the ohcrn-dev cluster, resulting in server errors when redirecting from Keycloak to the Consent UI. For the time being, devops has made some adjustments to the Nginx configuration in the dev cluster to increase the allowed header/proxy buffer sizes. This is just a stopgap solution to unblock work on the UI auth flow.
The full solution is to move the token info out of the session object and into either a database or in memory storage solution, and have the session store a key to access this user info. Next-Auth provides options for this with their Database session strategy:
https://authjs.dev/concepts/session-strategies#database
https://github.com/nextauthjs/next-auth/blob/main/packages/adapter-pg/src/index.ts
https://authjs.dev/guides/basics/refresh-token-rotation
Some suggested approaches from @joneubank: look into the adapters available for both: