I am working on a project using Next JS + the NextAuth package. For user authentication we are using NextAuth with a custom Credentials provider. I am making a sign-in REST API request to Firebase to get the user logged in and saving all the necessary bits, like the Firebase tokens (access and refresh), in the JWT.
The flow works.
Where I am stuck: changing the user password. Password change is pretty straightforward using the Firebase client SDK, but I am using the Firebase API: https://firebase.google.com/docs/reference/rest/auth#section-change-password. The flow to change the password requires providing the latest access token in the API request above. If the latest access token is not provided, the API sends back an error like: TOKEN TOO OLD or RE AUTHENTICATE. So for this to work, we need to reauthenticate the user prior to making that change password request.
What I have managed to do:
- When the user requests a password change, the user needs to provide the current password.
- Using the current password, I re-sign-in the user using the API endpoint: https://firebase.google.com/docs/reference/rest/auth#section-sign-in-email-password
- This would work, but now I need to update the latest access token in the JWT using NextAuth.
At this point I am stuck: refreshing the JWT using NextAuth, as soon as the user is re-signed-in and again when the password is changed and a new access token is sent back from Firebase.
When I try to refresh the JWT with the new access token (etc.) using the NextAuth client-side callback (https://next-auth.js.org/tutorials/refresh-token-rotation), the application breaks because the access tokens are not synced between the JWT and Firebase.
Questions: Is my flow for changing the user password correct? Is there a better way of doing this?
Any help is appreciated. Thanks.
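The flow described above, as an added example that is not part of the original post: the re-sign-in and the password change both run server-side inside the NextAuth `jwt` callback, so the tokens written to the JWT are the ones Firebase returns from the change password call. It assumes a NextAuth version whose `jwt` callback receives `trigger` and `session` when the client calls `update()`, that the JWT carries `email`, and the field names `accessToken`, `refreshToken` and `accessTokenExpires`; `firebaseCall`, `changePassword` and `makeJwtCallback` are hypothetical names.

```javascript
// Added example; firebaseCall, changePassword and makeJwtCallback are hypothetical names.
const BASE = "https://identitytoolkit.googleapis.com/v1/accounts";

// POST one Firebase Auth REST request. fetchImpl is injectable so the flow runs offline in tests.
async function firebaseCall(fetchImpl, apiKey, action, body) {
  const res = await fetchImpl(`${BASE}:${action}?key=${apiKey}`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ ...body, returnSecureToken: true }),
  });
  const data = await res.json();
  if (!res.ok) throw new Error(data.error?.message ?? "FIREBASE_ERROR");
  return data;
}

// Step 1: re-authenticate with the current password to obtain a fresh ID token.
// Step 2: change the password, presenting that fresh ID token.
async function changePassword(fetchImpl, apiKey, email, currentPassword, newPassword) {
  const fresh = await firebaseCall(fetchImpl, apiKey, "signInWithPassword", {
    email, password: currentPassword,
  });
  const changed = await firebaseCall(fetchImpl, apiKey, "update", {
    idToken: fresh.idToken, password: newPassword,
  });
  // Store the tokens from the update response, not the ones from the re-sign-in.
  return {
    accessToken: changed.idToken,
    refreshToken: changed.refreshToken,
    accessTokenExpires: Date.now() + Number(changed.expiresIn) * 1000,
  };
}

// Builds the function to use as callbacks.jwt in the NextAuth options.
// The client would call update({ currentPassword, newPassword }) from useSession().
function makeJwtCallback(fetchImpl, apiKey) {
  return async function jwt({ token, trigger, session }) {
    // session is client-supplied input: only the two passwords are read from it,
    // and the tokens always come from Firebase's own responses.
    if (trigger !== "update" || !session?.newPassword) return token;
    try {
      const tokens = await changePassword(
        fetchImpl, apiKey, token.email, session.currentPassword, session.newPassword);
      return { ...token, ...tokens, error: undefined };
    } catch (err) {
      return { ...token, error: err.message }; // on failure the existing tokens are kept
    }
  };
}
```

In the NextAuth options this would be wired as `callbacks: { jwt: makeJwtCallback(fetch, process.env.FIREBASE_API_KEY) }`, where the environment variable name is a placeholder.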