I recently upgraded the NextAuth v3 to v4. Earlier only jwt secret was specified, now removed the jwt secret and only specified the secret under options.

Everything seems functional but getting the following error logs on production:

message: 'Invalid Compact JWE', 'JWEInvalid: Invalid Compact JWE\n' + at compactDecrypt (/app/node_modules/jose/dist/node/cjs/jwe/compact/decrypt.js:16:15)\n' + at jwtDecrypt (/app/node_modules/jose/dist/node/cjs/jwt/decrypt.js:8:61)\n' + at Object.decode (/app/node_modules/next-auth/jwt/index.js:64:34)\n' + at async Object.session (/app/node_modules/next-auth/core/routes/session.js:41:28)\n' + at async NextAuthHandler (/app/node_modules/next-auth/core/index.js:96:27)\n' + at async NextAuthNextHandler (/app/node_modules/next-auth/next/index.js:21:19)\n' + at async Object.apiResolver (/app/node_modules/next/dist/server/api-utils/node.js:182:9)\n' + at async NextNodeServer.runApi (/app/node_modules/next/dist/server/next-server.js:386:9)\n' + at async Object.fn (/app/node_modules/next/dist/server/base-server.js:488:37)\n' + at async Router.execute (/app/node_modules/next/dist/server/router.js:228:32)', name: 'JWEInvalid'

removed the jwt secret and only specified the secret under options directly.

The cause of this could potentially be that you changed your session strategy from database to jwt but still have some old session stored in the browser, so just clear your cookies and try again!

e.g.

if you changed:

export const authOptions = {
  // ...
  session: {
    strategy: "database",
  }
  // ...
}

to:

export const authOptions = {
  // ...
  session: {
    strategy: "jwt",
  }
  // ...
}

they make sure you clear your cookies.