`fetchAuthSession` does not refresh auth tokens when run in NextJS middleware

[cekpowell]

Before opening, please confirm:

• [X] I have searched for duplicate or closed issues and discussions.
• [X] I have read the guide for submitting bug reports.
• [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

JavaScript Framework

Next.js

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

auth

Backend

Other

Environment information

``` # Put output below this line System: OS: macOS 14.0 CPU: (12) arm64 Apple M2 Pro Memory: 127.08 MB / 16.00 GB Shell: 5.9 - /bin/zsh Binaries: Node: 18.18.2 - ~/.nvm/versions/node/v18.18.2/bin/node Yarn: 1.22.19 - /usr/local/bin/yarn npm: 9.8.1 - ~/.nvm/versions/node/v18.18.2/bin/npm Watchman: 2024.05.02.00 - /opt/homebrew/bin/watchman Browsers: Chrome: 125.0.6422.142 Safari: 17.0 npmPackages: @ampproject/toolbox-optimizer: undefined () @apollo/client: 3.10.4 => 3.10.4 @apollo/client/cache: undefined () @apollo/client/core: undefined () @apollo/client/dev: undefined () @apollo/client/errors: undefined () @apollo/client/link/batch: undefined () @apollo/client/link/batch-http: undefined () @apollo/client/link/context: undefined () @apollo/client/link/core: undefined () @apollo/client/link/error: undefined () @apollo/client/link/http: undefined () @apollo/client/link/persisted-queries: undefined () @apollo/client/link/remove-typename: undefined () @apollo/client/link/retry: undefined () @apollo/client/link/schema: undefined () @apollo/client/link/subscriptions: undefined () @apollo/client/link/utils: undefined () @apollo/client/link/ws: undefined () @apollo/client/react: undefined () @apollo/client/react/components: undefined () @apollo/client/react/context: undefined () @apollo/client/react/hoc: undefined () @apollo/client/react/hooks: undefined () @apollo/client/react/internal: undefined () @apollo/client/react/parser: undefined () @apollo/client/react/ssr: undefined () @apollo/client/testing: undefined () @apollo/client/testing/core: undefined () @apollo/client/testing/experimental: undefined () @apollo/client/utilities: undefined () @apollo/client/utilities/globals: undefined () @apollo/client/utilities/subscriptions/relay: undefined () @apollo/client/utilities/subscriptions/urql: undefined () @apollo/experimental-nextjs-app-support: 0.11.0 => 0.11.0 @aws-amplify/adapter-nextjs: 1.2.1 => 1.2.1 @aws-amplify/adapter-nextjs/api: undefined () @aws-amplify/adapter-nextjs/data: undefined () @babel/core: undefined () @babel/runtime: 7.22.5 @edge-runtime/cookies: 4.1.1 @edge-runtime/ponyfill: 2.4.2 @edge-runtime/primitives: 4.1.0 @emotion/react: 11.11.4 => 11.11.4 @emotion/styled: 11.11.5 => 11.11.5 @graphql-codegen/cli: 5.0.2 => 5.0.2 @graphql-codegen/fragment-matcher: 5.0.2 => 5.0.2 @graphql-codegen/introspection: 4.0.3 => 4.0.3 @graphql-codegen/named-operations-object: 3.0.0 => 3.0.0 @graphql-codegen/typescript: 4.0.7 => 4.0.7 @graphql-codegen/typescript-operations: 4.2.1 => 4.2.1 @graphql-codegen/typescript-react-apollo: 4.3.0 => 4.3.0 @hapi/accept: undefined () @hookform/resolvers: 3.4.2 => 3.4.2 @hookform/resolvers/ajv: 1.0.0 @hookform/resolvers/arktype: 1.0.0 @hookform/resolvers/class-validator: 1.0.0 @hookform/resolvers/computed-types: 1.0.0 @hookform/resolvers/effect-ts: 1.0.0 @hookform/resolvers/io-ts: 1.0.0 @hookform/resolvers/joi: 1.0.0 @hookform/resolvers/nope: 1.0.0 @hookform/resolvers/superstruct: 1.0.0 @hookform/resolvers/typanion: 1.0.0 @hookform/resolvers/typebox: 1.0.0 @hookform/resolvers/valibot: 1.0.0 @hookform/resolvers/vest: 1.0.0 @hookform/resolvers/yup: 1.0.0 @hookform/resolvers/zod: 1.0.0 @mswjs/interceptors: undefined () @mui/material: 5.15.17 => 5.15.17 @napi-rs/triples: undefined () @next/font: undefined () @opentelemetry/api: undefined () @revenuecat/purchases-js: ^0.3.0 => 0.3.0 @sentry/nextjs: ^8 => 8.7.0 @svgr/webpack: 8.1.0 => 8.1.0 @trivago/prettier-plugin-sort-imports: 4.3.0 => 4.3.0 @types/eslint: 8.56.5 => 8.56.5 @types/node: 20 => 20.12.13 @types/react: 18 => 18.3.3 (18.3.2) @types/react-dom: 18 => 18.3.0 @types/voca: 1.4.5 => 1.4.5 @typescript-eslint/eslint-plugin: 7.9.0 => 7.9.0 @typescript-eslint/parser: 7.9.0 => 7.9.0 (7.2.0) @vercel/analytics: ^1.3.1 => 1.3.1 @vercel/nft: undefined () @vercel/og: 0.6.2 acorn: undefined () amphtml-validator: undefined () anser: undefined () apollo-link-sentry: ^4.0.0 => 4.0.0 arg: undefined () assert: undefined () async-retry: undefined () async-sema: undefined () aws-amplify: 6.3.4 => 6.3.4 aws-amplify/adapter-core: undefined () aws-amplify/analytics: undefined () aws-amplify/analytics/kinesis: undefined () aws-amplify/analytics/kinesis-firehose: undefined () aws-amplify/analytics/personalize: undefined () aws-amplify/analytics/pinpoint: undefined () aws-amplify/api: undefined () aws-amplify/api/server: undefined () aws-amplify/auth: undefined () aws-amplify/auth/cognito: undefined () aws-amplify/auth/cognito/server: undefined () aws-amplify/auth/enable-oauth-listener: undefined () aws-amplify/auth/server: undefined () aws-amplify/data: undefined () aws-amplify/data/server: undefined () aws-amplify/datastore: undefined () aws-amplify/in-app-messaging: undefined () aws-amplify/in-app-messaging/pinpoint: undefined () aws-amplify/push-notifications: undefined () aws-amplify/push-notifications/pinpoint: undefined () aws-amplify/storage: undefined () aws-amplify/storage/s3: undefined () aws-amplify/storage/s3/server: undefined () aws-amplify/storage/server: undefined () aws-amplify/utils: undefined () babel-packages: undefined () browserify-zlib: undefined () browserslist: undefined () buffer: undefined () bytes: undefined () ci-info: undefined () cli-select: undefined () client-only: 0.0.1 commander: undefined () comment-json: undefined () compression: undefined () conf: undefined () constants-browserify: undefined () content-disposition: undefined () content-type: undefined () cookie: undefined () cookies-next: ^4.2.1 => 4.2.1 cross-spawn: undefined () crypto-browserify: undefined () cspell: 8.8.1 => 8.8.1 css.escape: undefined () data-uri-to-buffer: undefined () debug: undefined () devalue: undefined () domain-browser: undefined () edge-runtime: undefined () eslint: 8 => 8.57.0 eslint-config-next: 14.2.3 => 14.2.3 eslint-config-prettier: 9.0.0 => 9.0.0 eslint-plugin-ft-flow: 2.0.3 => 2.0.3 eslint-plugin-jest: 28.5.0 => 28.5.0 eslint-plugin-jsx-expressions: 1.3.2 => 1.3.2 eslint-plugin-prettier: 5.1.3 => 5.1.3 eslint-plugin-react-hooks: 4.6.2 => 4.6.2 events: undefined () find-cache-dir: undefined () find-up: undefined () fresh: undefined () get-orientation: undefined () glob: undefined () graphql: 16.8.1 => 16.8.1 (15.8.0) gzip-size: undefined () http-proxy: undefined () http-proxy-agent: undefined () https-browserify: undefined () https-proxy-agent: undefined () husky: 9.0.11 => 9.0.11 icss-utils: undefined () ignore-loader: undefined () image-size: undefined () is-animated: undefined () is-docker: undefined () is-wsl: undefined () jest-worker: undefined () json5: undefined () jsonwebtoken: undefined () jwt-decode: 3.1.2 => 3.1.2 lint-staged: 15.2.2 => 15.2.2 loader-runner: undefined () loader-utils: undefined () lodash.curry: undefined () lottie-react: 2.4.0 => 2.4.0 lru-cache: undefined () mini-css-extract-plugin: undefined () nanoid: undefined () native-url: undefined () neo-async: undefined () next: 14.2.3 => 14.2.3 next-intl: 3.14.0 => 3.14.0 node-fetch: undefined () node-html-parser: undefined () open-cli: ^8.0.0 => 8.0.0 ora: undefined () os-browserify: undefined () p-limit: undefined () path-browserify: undefined () picomatch: undefined () platform: undefined () postcss-flexbugs-fixes: undefined () postcss-modules-extract-imports: undefined () postcss-modules-local-by-default: undefined () postcss-modules-scope: undefined () postcss-modules-values: undefined () postcss-preset-env: undefined () postcss-safe-parser: undefined () postcss-scss: undefined () postcss-value-parser: undefined () prettier: 3.2.5 => 3.2.5 process: undefined () punycode: undefined () querystring-es3: undefined () raw-body: undefined () react: 18 => 18.3.1 react-builtin: undefined () react-device-detect: 2.2.3 => 2.2.3 react-dom: 18 => 18.3.1 react-dom-builtin: undefined () react-dom-experimental-builtin: undefined () react-experimental-builtin: undefined () react-hook-form: 7.51.5 => 7.51.5 react-is: 18.2.0 react-markdown: 9.0.1 => 9.0.1 react-qr-code: 2.0.13 => 2.0.13 react-refresh: 0.12.0 react-secure-storage: ^1.3.2 => 1.3.2 react-server-dom-turbopack-builtin: undefined () react-server-dom-turbopack-experimental-builtin: undefined () react-server-dom-webpack-builtin: undefined () react-server-dom-webpack-experimental-builtin: undefined () regenerator-runtime: 0.13.4 sass-loader: undefined () scheduler-builtin: undefined () scheduler-experimental-builtin: undefined () schema-utils: undefined () semver: undefined () send: undefined () server-only: 0.0.1 setimmediate: undefined () sharp: 0.32.6 => 0.32.6 shell-quote: undefined () source-map: undefined () source-map08: undefined () stacktrace-parser: undefined () statsig-react: ^2.0.0 => 2.0.0 stream-browserify: undefined () stream-http: undefined () string-hash: undefined () string-width: 4.2.3 => 4.2.3 (5.1.2, 7.1.0) string_decoder: undefined () strip-ansi: undefined () superstruct: undefined () svgo: 3.3.2 => 3.3.2 tar: undefined () terser: undefined () text-table: undefined () timers-browserify: undefined () tty-browserify: undefined () typescript: 5 => 5.4.5 ua-parser-js: undefined () unistore: undefined () util: undefined () vm-browserify: undefined () voca: 1.4.1 => 1.4.1 watchpack: undefined () web-vitals: undefined () webpack: undefined () webpack-sources: undefined () ws: undefined () zod: 3.23.8 => 3.23.8 () npmGlobalPackages: @aws-amplify/cli: 12.11.1 corepack: 0.19.0 dotenv-cli: 7.4.2 firebase-tools: 12.0.0 get-graphql-schema: 2.1.2 ios-deploy: 1.12.2 jest: 29.7.0 npm: 9.8.1 serverless: 3.38.0 vercel: 34.1.14 ```

Describe the bug

Context

• This documentation describes how we can implement route guards in NextJS middleware using the runWithAmplifyServerContext API.

Bug

• The server-side version of fetchAuthSession is only able to fetch the session if the auth tokens (id and access) have not yet expired. Once the tokens have expired, the fetchAuthSession does not refresh the session using the refresh token, and just sets the session properties to undefined.
• The result of this is that the user is re-directed to /sign-in even though the do have a valid auth session - they just need to have their tokens refreshed.
• The docs state that the call to fetchAuthSession will refresh the tokens and return the updated ones to the client, but this is not the case.

MVP

• The docs i linked earlier give a simple MVP for this issue. If you set a short (e.g., 5 min) expiry time on your access tokens, sign in, wait for the token to expire, and refresh, you will be taken to the /sign-in page as the middleware code will determine you to be signed out.

Expected behavior

The fetchAuthSession being run on the sever should refresh the user's tokens if they have expired, and return the updated tokens in the response object.

Reproduction steps

The docs i linked earlier give a simple MVP for this issue. If you set a short (e.g., 5 min) expiry time on your access tokens, sign in, wait for the token to expire, and refresh, you will be taken to the /sign-in page as the middleware code will determine you to be signed out.

Code Snippet

// Put your code below this line.

Log output

``` // Put your logs below this line ```

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

[cwomack]

Hello, @cekpowell 👋. This looks related to issue #13472, which has had a fix released recently to resume the token refresh on the server side when necessary. Can you see if upgrading your @aws-amplify/adapter-nextjs to version 1.2.4 resolves the issue?

[cwomack]

Closing this issue as we have not heard back from you. If you are still experiencing this, please feel free to reply back and provide any information previously requested and we'd be happy to re-open the issue.

Thank you!