Skip to content

Commit f2cd455

Browse files
hkiratclaude
hkirat
and
claude
committed
fix: refresh appxAuthToken on every login to prevent stale tokens
Previously, returning users with an existing appxAuthToken in the DB would skip the Appx API call, causing stale tokens that result in "new type of video player, please relogin" errors. Now the token is always refreshed from the Appx API on login. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 4904a89 commit f2cd455

1 file changed

Lines changed: 28 additions & 10 deletions

File tree

src/lib/auth.ts

Lines changed: 28 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -147,20 +147,38 @@ export const authOptions = {
147147
if (
148148
userDb &&
149149
userDb.password &&
150-
(await bcrypt.compare(credentials.password, userDb.password)) &&
151-
userDb?.appxAuthToken
150+
(await bcrypt.compare(credentials.password, userDb.password))
152151
) {
153152
const jwt = await generateJWT({
154153
id: userDb.id,
155154
});
156-
await db.user.update({
157-
where: {
158-
id: userDb.id,
159-
},
160-
data: {
161-
token: jwt,
162-
},
163-
});
155+
156+
// Always refresh appxAuthToken from Appx API on login
157+
try {
158+
const freshUser: AppxSigninResponse = await validateUser(
159+
credentials.username,
160+
credentials.password,
161+
);
162+
await db.user.update({
163+
where: {
164+
id: userDb.id,
165+
},
166+
data: {
167+
token: jwt,
168+
appxAuthToken: freshUser.data?.token ?? userDb.appxAuthToken,
169+
},
170+
});
171+
} catch (e) {
172+
console.log('Failed to refresh appxAuthToken:', e);
173+
await db.user.update({
174+
where: {
175+
id: userDb.id,
176+
},
177+
data: {
178+
token: jwt,
179+
},
180+
});
181+
}
164182

165183
return {
166184
id: userDb.id,

0 commit comments

Comments
 (0)