I've been working on a web app that connects with LinkedIn. The app authentication itself is done using Supabase Auth (without any adapters). Still, to make my life easier, I chose next-auth to make users connect their LinkedIn accounts to the web app.
I only need the OAuth2 access token for doing any particular LinkedIn operation. The token's TTL (Time To Live) is set to two months, so I need to 'signin' again only after that period of time.
[Screenshot: OAuth2 TTL LinkedIn settings]
I save the token to a 'tokens' table connected to the user's ID by returning it in the session (so I save it client-side).
Here's my next-auth API route (/pages/api/auth/[...nextauth].ts):

    import NextAuth from 'next-auth';
    import type { JWT } from 'next-auth/jwt';
    import LinkedInProvider from 'next-auth/providers/linkedin';

    export default NextAuth({
      providers: [
        LinkedInProvider({
          clientId: process.env.LINKEDIN_CLIENT_ID!,
          clientSecret: process.env.LINKEDIN_CLIENT_SECRET!,
          authorization: {
            params: {
              scope: 'r_liteprofile w_member_social',
            },
          },
        }),
      ],
      callbacks: {
        async jwt({ token, account }) {
          // Persist the OAuth access_token to the token right after signin
          if (account) {
            token.accessToken = account.access_token;
          }
          return token;
        },
        async session({ session, token, user }: { session: any; token: JWT; user: any }) {
          // Send access token to the client (to then save it in the database)
          session.user.token = token.accessToken;
          return session;
        },
      },
    });

When I sign out using async signOut(), the logged-in LinkedIn account remains saved, so as soon as I async signIn(), the token doesn't get regenerated, as it still sees the account as the previous one (rightly so, since it sees it as a login method).
Is there a way to use next-auth as a 'one-time login' method? Otherwise, I'd need to create all the LinkedIn auth workflow manually - which would be quite painful lol.
Turns out I can't actually do that using next-auth by itself. In the end I custom created my own auth flow, using the LinkedIn docs.
They tend not to be as precise as I'd like; still, after a while you figure them out!
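
A custom flow of the kind described above follows LinkedIn's OAuth2 authorization-code grant. The sketch below is an added example, not the author's code: the function names, the config object fields and the injectable `fetchImpl` are assumptions. It runs the code exchange server-side, so the access token can be written to the 'tokens' table without passing through the browser session.

```javascript
// Added example (not the author's code): LinkedIn OAuth2 authorization-code flow.
// Config field names, function names and the injectable fetchImpl are assumptions.
const AUTH_URL = "https://www.linkedin.com/oauth/v2/authorization";
const TOKEN_URL = "https://www.linkedin.com/oauth/v2/accessToken";
// Web Crypto is a global in current Node and browsers; older Node needs the module.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Unguessable per-login value; keep it server-side (session) until the callback.
function newState() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Step 1: URL the user is redirected to for consent.
function buildAuthorizationUrl({ clientId, redirectUri, scope }, state) {
  const params = new URLSearchParams({
    response_type: "code", client_id: clientId, redirect_uri: redirectUri, state, scope,
  });
  return `${AUTH_URL}?${params}`;
}

function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Step 2: reject the callback unless it carries the state issued in step 1.
function readCallback(query, expectedState) {
  if (query.error) throw new Error(`authorization failed: ${query.error}`);
  if (!query.code) throw new Error("missing authorization code");
  if (!constantTimeEqual(String(query.state ?? ""), expectedState)) throw new Error("state mismatch");
  return query.code;
}

// Step 3: server-side exchange, so the client secret and token never reach the browser.
async function exchangeCode({ clientId, clientSecret, redirectUri }, code, fetchImpl = fetch) {
  const res = await fetchImpl(TOKEN_URL, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({ grant_type: "authorization_code", code,
      redirect_uri: redirectUri, client_id: clientId, client_secret: clientSecret }).toString(),
  });
  if (!res.ok) throw new Error(`token exchange failed: HTTP ${res.status}`);
  const { access_token, expires_in } = await res.json();
  return { accessToken: access_token, expiresAt: Date.now() + expires_in * 1000 };
}
```

Because each login starts from a fresh authorization URL with a new `state`, every run of the flow yields a newly issued token, and `expiresAt` tells the server when the user has to connect again.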