From afef77861219398ae96e180dc257fb45ffe8ea4a Mon Sep 17 00:00:00 2001 From: Claude VM Date: Tue, 19 May 2026 07:31:06 +0300 Subject: [PATCH] debug(auth): log jwt callback state + re-expose session.debug MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Still hitting invalid_token. Need to see jwt callback behavior live — why is refresh not firing for Marius? --- src/core/auth/auth-options.ts | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/core/auth/auth-options.ts b/src/core/auth/auth-options.ts index 6d3760b..7d7c7f5 100644 --- a/src/core/auth/auth-options.ts +++ b/src/core/auth/auth-options.ts @@ -142,6 +142,14 @@ export const authOptions: NextAuthOptions = { const exp = typeof token.accessTokenExpires === "number" ? token.accessTokenExpires : 0; + const secLeft = Math.round((exp - Date.now()) / 1000); + console.log( + "[auth] jwt secLeft=%d hasAccess=%s hasRefresh=%s err=%s", + secLeft, + !!token.accessToken, + !!token.refreshToken, + token.error ?? "none", + ); if ( token.accessToken && token.refreshToken && @@ -161,6 +169,15 @@ export const authOptions: NextAuthOptions = { (session as any).accessToken = token.accessToken; // Surface refresh failure so the client can force a re-login UX. if (token.error) (session as any).error = token.error; + // Temporary diagnostic — confirm token state in session. + (session as any).debug = { + hasRefreshToken: !!token.refreshToken, + accessTokenExpiresIn: + typeof token.accessTokenExpires === "number" + ? Math.round((token.accessTokenExpires - Date.now()) / 1000) + : null, + tokenError: token.error ?? null, + }; // Faza C cutover flag — exposed on session so client components can // branch the same way server routes do (env-driven, evaluated per // request so flag flip + container restart picks up without rebuild).