Refresh maxAgeInSeconds is too small (<25 days)

[cip8]

Environment

• Operating System: Linux
• Node Version: v20.11.1
• Nuxt Version: 3.13.0
• CLI Version: 3.13.0
• Nitro Version: 2.9.7
• Package Manager: npm@10.2.4
• Builder: -
• User Config: runtimeConfig, build, app, modules, plugins, css, auth, devtools, devServer, compatibilityDate
• Runtime Modules: @sidebase/nuxt-auth@0.9.1, @nuxtjs/tailwindcss@6.12.1
• Build Modules: -

Reproduction

Set a number bigger than 24.85 days for the refresh token's maxAgeInSeconds.

My full config:

  auth: {
    isEnabled: true,
    globalAppMiddleware: {
      isEnabled: true,
      allow404WithoutAuth: true,
      addDefaultCallbackUrl: true,
    },
    baseURL: 'http://localhost:4100/v1/',
    provider: {
      type: 'local',
      endpoints: {
        signIn: { path: 'auth/login', method: 'post' },
        signOut: { path: 'auth/logout', method: 'post' },
        signUp: { path: 'auth/user', method: 'post' },
        getSession: { path: 'user/myself', method: 'get' },
      },
      pages: {
        login: '/',
      },
      token: {
        cookieName: 'at',
        type: 'Bearer',
        signInResponseTokenPointer: '/access_token',
        maxAgeInSeconds: 1800, // 30 min
        sameSiteAttribute: 'strict',
        secureCookieAttribute: true,
        cookieDomain: 'localhost',
        httpOnlyCookieAttribute: false,
      },
      refresh: {
        isEnabled: true,
        endpoint: { path: 'auth/refresh', method: 'post' },
        refreshOnlyToken: false,
        token: {
          cookieName: 'rt',
          signInResponseRefreshTokenPointer: '/refresh_token',
          refreshRequestTokenPointer: '/refresh_token',
          maxAgeInSeconds: 15552000, // 180 days
          sameSiteAttribute: 'lax',
          secureCookieAttribute: false,
          cookieDomain: 'localhost',
          httpOnlyCookieAttribute: false,
        }
      }
    },
    sessionRefresh: {
      enableOnWindowFocus: false,
      enablePeriodically: false,
    }
  },

Describe the bug

In JavaScript, the maximum delay you can set for setInterval() (or setTimeout()) is constrained by the maximum value for a signed 32-bit integer, which is 2,147,483,647 milliseconds.

This translates to approximately 24.85 days.

I'd like to use 180 days here, so if I assign 15552000 to maxAgeInSeconds this will be translated to 15,552,000,000 by the DefaultRefreshHandler at const intervalTime = provider.refresh.token.maxAgeInSeconds * 1e3;

The number is too big for the ensuing setInterval, which then triggers refreshes in an infinite refresh loop, in my case.

Additional context

Need different logic for the DefaultRefreshHandler setIntervals to work with bigger numbers too.

Logs

No response

[zoey-kaiser]

Hi @cip8 👋

Do you have any suggestions on how we could adapt the refresh logic to avoid using setInterval? For me, this is more of en enchantment, rather than a bug fix. Also, would you like to have a look at it?

[cip8]

Maybe a modulo-like split between BIG_NUM % MAX_JS_NUM and then adding "skip intervals" where we decrease the number of 'skips' before the actual refresh happens?

Sure, I'll think about it a bit more to see if there's a better way of handling this & will propose a fix soon.