If you call auth functions from the server side, you can encounter this token synchronization issue.
NextAuth stores auth tokens in httpOnly cookies within the user's browser by default. When server side auth calls refresh the tokens, the updated tokens don't automatically sync with the browser's cookies. The refreshed token is stored in the memory for temporary use.
So the browser continues using the old, expired token stored in its httpOnly cookie. Then every time you check the token expiration, you see the same expired timestamp because the browser's cookie was never updated with the refreshed token from the server.
However, when you call auth functions from the client side, the updated tokens are automatically sent back with the response and properly update the browser's cookies.
You can check this by calling an auth function from client side after the token is expired.