Allow refresh: true in getAccessToken()

[tusharpandey13]

Fixes : #1884

Changes

• Added refresh?: boolean option to getAccessToken()
• Added integration test for the same that mocks auth0 http calls.

Testing

PASSING

Test Files  12 passed (12)
      Tests  183 passed (183)
   Start at  11:29:35
   Duration  1.61s

Usage

App Router (Server Components, Route Handlers, Server Actions):

When calling getAccessToken without request and response objects, you can pass an options object as the first argument. Set the refresh property to true to force a token refresh.

// app/api/my-api/route.ts
import { getAccessToken } from '@auth0/nextjs-auth0';

export async function GET() {
  try {
    // Force a refresh of the access token
    const { token, expiresAt } = await getAccessToken({ refresh: true });

    // Use the refreshed token
    // ...

    return Response.json({ token, expiresAt });
  } catch (error) {
    console.error('Error getting access token:', error);
    return Response.json({ error: 'Failed to get access token' }, { status: 500 });
  }
}

Pages Router (getServerSideProps, API Routes):

When calling getAccessToken with request and response objects (from getServerSideProps context or an API route), the options object is passed as the third argument.

// pages/api/my-pages-api.ts
import { getAccessToken, withApiAuthRequired } from '@auth0/nextjs-auth0';
import type { NextApiRequest, NextApiResponse } from 'next';

export default withApiAuthRequired(async function handler(
  req: NextApiRequest,
  res: NextApiResponse
) {
  try {
    // Force a refresh of the access token
    const { token, expiresAt } = await getAccessToken(req, res, {
      refresh: true
    });

    // Use the refreshed token
    // ...

    res.status(200).json({ token, expiresAt });
  } catch (error: any) {
    console.error('Error getting access token:', error);
    res.status(error.status || 500).json({ error: error.message });
  }
});

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 90.24390% with 8 lines in your changes missing coverage. Please review.

Project coverage is 82.53%. Comparing base (64ae3d4) to head (950edb9).

Files with missing lines	Patch %	Lines
src/server/client.ts	76.47%	8 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2055      +/-   ##
==========================================
+ Coverage   80.02%   82.53%   +2.51%     
==========================================
  Files          21       21              
  Lines        1907     1941      +34     
  Branches      315      342      +27     
==========================================
+ Hits         1526     1602      +76     
+ Misses        376      333      -43     
- Partials        5        6       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[cbovis]

Thanks for prioritising this @tusharpandey13. I have it as a blocker for upgrading at the moment which blocks our NextJS 15 upgrade. Just wondering if you have a rough idea of when this might get completed and released?

[tusharpandey13]

We'll release this soon, ETA might be tomorrow EOD

[cbovis]

Any more updates on when we can expect to see this go in? Right now it's a blocker on NextJS 15 upgrade which due to atrocious dev server performance in NextJS 14 is impacting our team's productivity heavily. Frustrating to see what feels ike a very simple change being dragged out.

these changes have been added

[Copilot]

Pull Request Overview

This PR introduces a new option (refresh) to force a token refresh in getAccessToken(), addressing issue #1884. Key changes include updating method overloads in the Auth0Client, adding a new forceRefresh parameter to the AuthClient’s getTokenSet method, and updating integration tests and documentation to cover this new behavior.

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

File	Description
src/server/client.ts	Updated getAccessToken overloads to accept refresh option.
src/server/client.test.ts	Added integration tests for forcing token refresh.
src/server/auth-client.ts	Updated getTokenSet to support forced refresh logic.
EXAMPLES.md	Added documentation examples for forcing token refresh.

Comments suppressed due to low confidence (1)

src/server/client.ts:349

• [nitpick] The parameter names 'arg1', 'arg2', and 'arg3' are ambiguous. Consider renaming them to more descriptive names (e.g., 'reqOrOptions', 'res', 'options') to improve code clarity.

arg1?: PagesRouterRequest | NextRequest | GetAccessTokenOptions,

[frederikprijck]

I think the seperate file is a good idea, but I would propose to:

• move the file to client/get-access-token.test.ts
• Also, as above, drop the integration in the file name.

[tusharpandey13]

1. renamed
2. getAcessToken() is present in client.ts present in server directory. Makes sense to keep the test in server.

[frederikprijck]

We do not need to assert this, we know this is the case by asserting the returned values. If we want to assert this, I would propose to do it differently, as this doesnt look like what we want.