NextAuth requires the AUTH_SECRET env variable to be defined at compile time since last version
Unanswered
Loïs posted this in #help-forum
LoïsOP
I updated yesterday my packages in my nextjs project:
NextJS 14.0.4 to 14.1.1
AuthJS (Next Auth) 5.0.0-beta.13 to 5.0.0-beta.16
React 18 to 18.2.0
React-Dom 18 to 18.2.0
I had to update because the AUTH_URL was not working and was buggy on this version.
I now have a problem, when compiling, I get an error telling me missing secret for AuthJS
Auth secret wasn't required before to compile and I don't see why it should be now.
It's rather annoying when you have to deploy several stacks with different keys if you have to regenerate the image each time.
Do you have a solution?
Thanks
NextJS 14.0.4 to 14.1.1
AuthJS (Next Auth) 5.0.0-beta.13 to 5.0.0-beta.16
React 18 to 18.2.0
React-Dom 18 to 18.2.0
I had to update because the AUTH_URL was not working and was buggy on this version.
I now have a problem, when compiling, I get an error telling me missing secret for AuthJS
Auth secret wasn't required before to compile and I don't see why it should be now.
It's rather annoying when you have to deploy several stacks with different keys if you have to regenerate the image each time.
Do you have a solution?
Thanks
15 Replies
You need that variable in your environment variables.
Its not needed on dev but on production you must generate a secure one that you dont pass around and keep a secret.
Its not needed on dev but on production you must generate a secure one that you dont pass around and keep a secret.
Read this thoroughly:
https://next-auth.js.org/configuration/options#secret
https://next-auth.js.org/configuration/options#secret
It will answer all your questions
@Clown You need that variable in your environment variables.
Its not needed on dev but on production you must generate a secure one that you dont pass around and keep a secret.
LoïsOP
Yes, I know.
But here's what I used to do
- Push to my gitlab repository
- Gitlab ci compiles my nextjs application into a docker image
- I pull this image onto my server and there the env variables are defined, in particular Auth secret
This also allows me to deploy test containers / for other clients
Does "Required in production" in the documentation mean required for compilation? I don't think so
The error occurs during compilation, I don't understand why, since the last version, it now looks for the authentication secret to compile. This was not the case before.
But here's what I used to do
- Push to my gitlab repository
- Gitlab ci compiles my nextjs application into a docker image
- I pull this image onto my server and there the env variables are defined, in particular Auth secret
This also allows me to deploy test containers / for other clients
Does "Required in production" in the documentation mean required for compilation? I don't think so
The error occurs during compilation, I don't understand why, since the last version, it now looks for the authentication secret to compile. This was not the case before.
Well i don't remember if it was required at compile time or not. Either way it doesn't matter much. Just create the environment variable.
LoïsOP
But will the secret used by the image be the one compiled or the one I define as an environment variable on startup?
I don't want my different clients to have the same secret
I don't want my different clients to have the same secret
Hmm... Unfortunately you will have to test that by doing a console log or something.
From my knowledge, and i may very well be wrong, the environment variables during the time of the build will be considered rather than the docker ones.
But you should test it out cause I'm not 100% sure
LoïsOP
This change is really stupid, I think, and I hope it's a bug
I'm going to test it
LoïsOP
So I opened an issue at NextAuth as well as at NextJS because I don't know where the problem comes from (I have the impression that it comes from NextJS, as if they had changed the way of compiling).
NextAuth issue: https://github.com/nextauthjs/next-auth/issues/10432
NextJS issue: https://github.com/vercel/next.js/issues/63831
NextAuth issue: https://github.com/nextauthjs/next-auth/issues/10432
NextJS issue: https://github.com/vercel/next.js/issues/63831
LoïsOP
It seems to be linked to this merge https://github.com/nextauthjs/next-auth/pull/10305
Many people have the same problem