Description
Describe the bug
When calling `refreshSession` from within a protected middleware route, `refreshSession` throws an error: `Refresh token already exchanged.`
My use case is that the route handles the billing session checkout from Stripe, and to get the Stripe entitlements, I need to refresh the session.
I have some hacky ways to get around it, but they aren't best practice: either force the user to sign in, or use a component to check whether it needs refreshing.
To Reproduce
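/src/middleware.ts
```typescript
import { authkitMiddleware } from "@workos-inc/authkit-nextjs";

export default authkitMiddleware({
  middlewareAuth: {
    enabled: true,
    unauthenticatedPaths: ["/"],
  },
});
```
/src/app/billing/route.ts
```typescript
import { refreshSession } from "@workos-inc/authkit-nextjs";
import { NextRequest } from "next/server";
// Protected by the middleware above; this call is the one that throws.
export const GET = async (req: NextRequest) => {
  await refreshSession();
};
```
Expected behavior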
refreshSession doesn't throw an error
Desktop (please complete the following information):
- OS: macOS
- Browser: chromium
- authkit-nextjs version 2.3.3
- Next.js version 15.3.2
Additional context
I found that the function updateSessionMiddleware is calling the cookies before my refresh.
Because the getSessionFromCookie function retrieves from the request cookies, the request cookies are stale.
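
A model of the failure described above, as an added example that is not part of the original issue and is not authkit-nextjs code. It assumes the middleware has already exchanged the single-use refresh token and written the new session only to the response cookie; `TokenService`, the `x-session` header, and the `rt-N` values are constructed for illustration, and the cookie holds the bare refresh token instead of a sealed session.

```typescript
// Constructed model of single-use refresh-token rotation (not authkit-nextjs code).
type Session = { accessToken: string; refreshToken: string };

class TokenService {
  private live = new Set<string>(["rt-1"]); // constructed initial refresh token
  private spent = new Set<string>();
  private counter = 1;

  // Each refresh token can be exchanged exactly once; reuse is rejected.
  exchange(refreshToken: string): Session {
    if (this.spent.has(refreshToken)) throw new Error("Refresh token already exchanged.");
    if (!this.live.delete(refreshToken)) throw new Error("Unknown refresh token");
    this.spent.add(refreshToken);
    const next = `rt-${++this.counter}`;
    this.live.add(next);
    return { accessToken: `at-${this.counter}`, refreshToken: next };
  }
}

type Req = { cookies: Map<string, string>; headers: Map<string, string> };

// Middleware refreshes and returns the new session as a *response* cookie.
// The request's cookie jar stays exactly as the browser sent it.
function middleware(svc: TokenService, req: Req, forward: boolean): Map<string, string> {
  const session = svc.exchange(req.cookies.get("session")!);
  if (forward) req.headers.set("x-session", session.refreshToken); // hypothetical overlay header
  return new Map([["session", session.refreshToken]]);
}

// Route-handler refresh: prefers a forwarded session, else falls back to the request cookie.
function handlerRefresh(svc: TokenService, req: Req): Session {
  const token = req.headers.get("x-session") ?? req.cookies.get("session")!;
  return svc.exchange(token);
}

// Runs middleware then handler against one request and reports the outcome.
function simulate(forward: boolean): string {
  const svc = new TokenService();
  const req: Req = { cookies: new Map([["session", "rt-1"]]), headers: new Map() };
  middleware(svc, req, forward);
  try {
    return handlerRefresh(svc, req).refreshToken;
  } catch (e) {
    return (e as Error).message;
  }
}

console.log("stale request cookie:", simulate(false));
console.log("session forwarded:   ", simulate(true));
```

With the stale request cookie the handler presents `rt-1` a second time and is rejected; when the refreshed session is forwarded to the handler, the second exchange uses the current token and succeeds.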