Hi WebInity,
I stumble upon the issue that next.js was not proxying cookies from GraphQL server to the user. On SSR user’s cookies can be proxied to GraphQL but not the other way around, at least not by default. I guess we would need to implement it in custom Apollo Client link.

After trying to make this work I made a step back and started to think why would I server side render restricted pages. I figured out that SSR is needed mostly for main pages for SEO purposes. What I did is I put all restricted pages as a dynamic import in next.js. Also I made sure refreshToken calls are made only on client side. The page I was constructing is https://goodsrent.com — refreshToken calls will happen only on client side there. Pages like https://goodsrent.com/account are almost entirely loaded only on client with dynamic import. Still on every page in top-right corner there is a small component that shows if you’re logged in or not. When you load the page the small circle will be grey and when the client side js start, refreshToken call is made and if you’re logged in this small circle became green.

Basically, I decided it’s better for me not to try authenticate through next.js on SSR. But still, I would like to find out how I can proxy cookies coming from GraphQL server through next.js — this would allow me to render restricted pages — but again, question is do we really want to SSR such pages.