Created by Jenkis Khan on 5/21/2025 in #💻┃support
Refresh session in nextjs app router sdk for client UI
Hi Kinde team, I'm implementing RBAC in my Next.js application and have a question about keeping permissions in sync. When I delete a permission from my admin panel: 1. How do refreshToken(), refreshData(), and refreshUserClaims() differ functionally? 2. Is there an automated way to update affected users' permissions both server and client-side? 3. I've noticed access tokens don't update automatically when permissions change - what's the recommended approach for this scenario? Currently, users retain outdated permissions until their token expires or they re-login. I'd appreciate guidance on implementing real-time permission updates following a permission deletion. Thanks!
5 replies
Created by Jenkis Khan on 5/6/2025 in #💻┃support
Revoke access
Hi, I'm working on an RBAC system with the Next.js app router, and I want to revoke a user's access when that user is suspended, but it does not work.
/** My DAO */
/**
 * DAO: forwards a user status change to the management API.
 *
 * @param id - Identifier of the user to update; passed through unchanged.
 * @param userbody - Status payload sent as the request body.
 * @returns A success response carrying the `id` and `is_suspended` values the
 *   API returned, or the result of `handleDaoError` if the call throws.
 */
async function updateUserStatus(id: string, userbody: UserStatus) {
  try {
    init();
    const updated = await Users.updateUser({ id, requestBody: userbody });
    // Echo only the two fields the caller needs rather than the whole API response.
    const { id: updatedId, is_suspended } = updated;
    return { data: { id: updatedId, is_suspended }, status: 200 } as SuccessResponse<UserStatus>;
  } catch (err: unknown) {
    // NOTE(review): the cast assumes every thrown value is an ApiError — confirm handleDaoError copes with other errors.
    return handleDaoError(err as ApiError);
  }
}
/**
 * DAO: deletes the user's sessions, then asks the API to refresh the user's claims.
 *
 * @param userId - Identifier of the user whose sessions are removed.
 * @returns `undefined` on success; on failure the result of `handleDaoError`.
 *   Failures are returned, not thrown, so a caller that ignores the return
 *   value cannot tell that revocation did not happen.
 */
async function revokeUserSession(userId: string) {
  try {
    init();
    // Order matters: sessions are removed first, claims are refreshed afterwards.
    await Users.deleteUserSessions({ userId });
    await Users.refreshUserClaims({ userId });
    // NOTE(review): access tokens issued before this point may remain valid until
    // they expire — confirm token lifetime and whether protected routes also
    // check the suspended flag server-side.
    return undefined;
  } catch (err: unknown) {
    const apiError = err as ApiError;
    return handleDaoError(apiError);
  }
}

/** My service */
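/**
 * Service: authorizes the caller, validates the input and updates a user's
 * suspended status through the DAO.
 *
 * The caller must hold `admin:admin` or `update:user`. The id is checked with
 * `zodSchemas.IdSchema`, and `is_suspended` must be a real boolean so that an
 * arbitrary value from a request body is never forwarded to the management API.
 *
 * @param id - Identifier of the user to update (untrusted until validated here).
 * @param userbody - Status payload; only `is_suspended` is forwarded.
 * @returns The DAO result on success, or the result of `handleDaoError` when
 *   authorization or validation fails.
 */
export async function updateUserStatus(id: string, userbody: UserStatus) {
  // Authorization comes first so unauthorized callers learn nothing from validation errors.
  const { checkPermission } = await getServerSession();
  const isAdmin = (await checkPermission("admin:admin"))?.isGranted;
  if (!isAdmin && !(await checkPermission("update:user"))?.isGranted) {
    // NOTE(review): an authorization failure is reported through ValidationError —
    // confirm handleDaoError maps it to a 403-style status rather than a validation status.
    return handleDaoError(new ValidationError("User does not have permission to update user", "User"));
  }
  const validateId = zodSchemas.IdSchema.safeParse(id);
  if (!validateId.success) {
    return handleDaoError(new ValidationError(validateId.error.errors[0].message, "User"));
  }
  const { is_suspended } = userbody;
  // The static type is erased at runtime; a route can pass any JSON value here.
  if (typeof is_suspended !== "boolean") {
    return handleDaoError(new ValidationError("is_suspended must be a boolean", "User"));
  }
  // Forward only the validated id and the single field this operation owns.
  return UserDao.updateUserStatus(validateId.data, { is_suspended });
}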

/**
 * Service: delegates session revocation to the DAO.
 *
 * This wrapper performs no permission check and no id validation of its own;
 * it must only be reached after the caller has been authorized.
 *
 * @param id - Identifier of the user whose sessions are revoked.
 * @returns Whatever `UserDao.revokeUserSession` returns.
 */
async function revokeUserSession(id: string) {
  const outcome = await UserDao.revokeUserSession(id);
  return outcome;
}

// My route
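/**
 * PATCH route: sets a user's suspended status and, when the user ends up
 * suspended, revokes that user's sessions.
 *
 * Compared with a fire-and-forget revocation, a failed revocation is reported
 * to the client instead of being hidden behind the successful status update.
 *
 * @param request - Incoming request; its JSON body is untrusted.
 * @param params - Route params carrying `userId`.
 * @returns A JSON response with the status of the update, of the failed
 *   revocation, or 400 when `is_suspended` is not a boolean.
 */
export async function PATCH(request: Request, { params }: { params: Promise<{ userId: string }> } ) {
  const { userId } = await params;
  const { is_suspended } = await request.json();
  // Reject anything that is not a real boolean before it reaches the service layer.
  if (typeof is_suspended !== "boolean") {
    return NextResponse.json({ message: "is_suspended must be a boolean" }, { status: 400 });
  }
  const user = await UserServices.updateUserStatus(userId, { is_suspended });
  if ("data" in user && user.data.is_suspended) {
    // The DAO returns an error object (not a throw) when revocation fails, so the
    // result has to be inspected; otherwise a suspended user could keep live sessions unnoticed.
    const revocation = await UserServices.revokeUserSession(userId);
    if (revocation) {
      // Assumes the error result carries `status`, as the final return below already relies on for `user`.
      return NextResponse.json({ ...revocation }, { status: revocation.status });
    }
    // NOTE(review): tokens issued before revocation may stay valid until expiry —
    // confirm protected routes also check the suspended flag.
  }
  return NextResponse.json({ ...user }, { status: user.status });
}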
/** My DAO */
/**
 * DAO: forwards a user status change to the management API.
 *
 * @param id - Identifier of the user to update; passed through unchanged.
 * @param userbody - Status payload sent as the request body.
 * @returns A success response carrying the `id` and `is_suspended` values the
 *   API returned, or the result of `handleDaoError` if the call throws.
 */
async function updateUserStatus(id: string, userbody: UserStatus) {
  try {
    init();
    const updated = await Users.updateUser({ id, requestBody: userbody });
    // Echo only the two fields the caller needs rather than the whole API response.
    const { id: updatedId, is_suspended } = updated;
    return { data: { id: updatedId, is_suspended }, status: 200 } as SuccessResponse<UserStatus>;
  } catch (err: unknown) {
    // NOTE(review): the cast assumes every thrown value is an ApiError — confirm handleDaoError copes with other errors.
    return handleDaoError(err as ApiError);
  }
}
/**
 * DAO: deletes the user's sessions, then asks the API to refresh the user's claims.
 *
 * @param userId - Identifier of the user whose sessions are removed.
 * @returns `undefined` on success; on failure the result of `handleDaoError`.
 *   Failures are returned, not thrown, so a caller that ignores the return
 *   value cannot tell that revocation did not happen.
 */
async function revokeUserSession(userId: string) {
  try {
    init();
    // Order matters: sessions are removed first, claims are refreshed afterwards.
    await Users.deleteUserSessions({ userId });
    await Users.refreshUserClaims({ userId });
    // NOTE(review): access tokens issued before this point may remain valid until
    // they expire — confirm token lifetime and whether protected routes also
    // check the suspended flag server-side.
    return undefined;
  } catch (err: unknown) {
    const apiError = err as ApiError;
    return handleDaoError(apiError);
  }
}

/** My service */
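/**
 * Service: authorizes the caller, validates the input and updates a user's
 * suspended status through the DAO.
 *
 * The caller must hold `admin:admin` or `update:user`. The id is checked with
 * `zodSchemas.IdSchema`, and `is_suspended` must be a real boolean so that an
 * arbitrary value from a request body is never forwarded to the management API.
 *
 * @param id - Identifier of the user to update (untrusted until validated here).
 * @param userbody - Status payload; only `is_suspended` is forwarded.
 * @returns The DAO result on success, or the result of `handleDaoError` when
 *   authorization or validation fails.
 */
export async function updateUserStatus(id: string, userbody: UserStatus) {
  // Authorization comes first so unauthorized callers learn nothing from validation errors.
  const { checkPermission } = await getServerSession();
  const isAdmin = (await checkPermission("admin:admin"))?.isGranted;
  if (!isAdmin && !(await checkPermission("update:user"))?.isGranted) {
    // NOTE(review): an authorization failure is reported through ValidationError —
    // confirm handleDaoError maps it to a 403-style status rather than a validation status.
    return handleDaoError(new ValidationError("User does not have permission to update user", "User"));
  }
  const validateId = zodSchemas.IdSchema.safeParse(id);
  if (!validateId.success) {
    return handleDaoError(new ValidationError(validateId.error.errors[0].message, "User"));
  }
  const { is_suspended } = userbody;
  // The static type is erased at runtime; a route can pass any JSON value here.
  if (typeof is_suspended !== "boolean") {
    return handleDaoError(new ValidationError("is_suspended must be a boolean", "User"));
  }
  // Forward only the validated id and the single field this operation owns.
  return UserDao.updateUserStatus(validateId.data, { is_suspended });
}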

/**
 * Service: delegates session revocation to the DAO.
 *
 * This wrapper performs no permission check and no id validation of its own;
 * it must only be reached after the caller has been authorized.
 *
 * @param id - Identifier of the user whose sessions are revoked.
 * @returns Whatever `UserDao.revokeUserSession` returns.
 */
async function revokeUserSession(id: string) {
  const outcome = await UserDao.revokeUserSession(id);
  return outcome;
}

// My route
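/**
 * PATCH route: sets a user's suspended status and, when the user ends up
 * suspended, revokes that user's sessions.
 *
 * Compared with a fire-and-forget revocation, a failed revocation is reported
 * to the client instead of being hidden behind the successful status update.
 *
 * @param request - Incoming request; its JSON body is untrusted.
 * @param params - Route params carrying `userId`.
 * @returns A JSON response with the status of the update, of the failed
 *   revocation, or 400 when `is_suspended` is not a boolean.
 */
export async function PATCH(request: Request, { params }: { params: Promise<{ userId: string }> } ) {
  const { userId } = await params;
  const { is_suspended } = await request.json();
  // Reject anything that is not a real boolean before it reaches the service layer.
  if (typeof is_suspended !== "boolean") {
    return NextResponse.json({ message: "is_suspended must be a boolean" }, { status: 400 });
  }
  const user = await UserServices.updateUserStatus(userId, { is_suspended });
  if ("data" in user && user.data.is_suspended) {
    // The DAO returns an error object (not a throw) when revocation fails, so the
    // result has to be inspected; otherwise a suspended user could keep live sessions unnoticed.
    const revocation = await UserServices.revokeUserSession(userId);
    if (revocation) {
      // Assumes the error result carries `status`, as the final return below already relies on for `user`.
      return NextResponse.json({ ...revocation }, { status: revocation.status });
    }
    // NOTE(review): tokens issued before revocation may stay valid until expiry —
    // confirm protected routes also check the suspended flag.
  }
  return NextResponse.json({ ...user }, { status: user.status });
}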
2 replies