next-auth JWEDecryptionFailed
S

6

34

I am using this code to be able to use the credentials next-auth provider along with Cognito as the OAuth service; this is to allow email and password auth. I am running [email protected]:

import CognitoProvider from "next-auth/providers/cognito";
import NextAuth from 'next-auth'
import CredentialsProvider from "next-auth/providers/credentials"
import * as cognito from '../../../lib/cognito'
import { Auth } from 'aws-amplify';

export default NextAuth({
    providers: [
        CredentialsProvider({
            credentials: {
              username: { label: "Username", type: "text", placeholder: "jsmith" },
              password: {  label: "Password", type: "password" }
            },
            async authorize(credentials, req) {
                try {
                    const user = await Auth.signIn(credentials.username, credentials.password);
                    return user
                } catch (error) {
                    console.log('error signing in', error);
                }
            }
          })
    ],
    debug: process.env.NODE_ENV === 'development' ? true : false

})

I often get this error:

https://next-auth.js.org/errors#jwt_session_error decryption operation failed {
  message: 'decryption operation failed',
  stack: 'JWEDecryptionFailed: decryption operation failed\n' +
    '    at gcmDecrypt (/home/aurel/Documents/repos/front/node_modules/jose/dist/node/cjs/runtime/decrypt.js:67:15)\n' +
    '    at decrypt (/home/aurel/Documents/repos/front/node_modules/jose/dist/node/cjs/runtime/decrypt.js:92:20)\n' +
    '    at flattenedDecrypt (/home/aurel/Documents/repos/front/node_modules/jose/dist/node/cjs/jwe/flattened/decrypt.js:119:52)\n' +
    '    at async compactDecrypt (/home/aurel/Documents/repos/front/node_modules/jose/dist/node/cjs/jwe/compact/decrypt.js:18:23)\n' +
    '    at async jwtDecrypt (/home/aurel/Documents/repos/front/node_modules/jose/dist/node/cjs/jwt/decrypt.js:8:23)\n' +
    '    at async Object.decode (/home/aurel/Documents/repos/front/node_modules/next-auth/jwt/index.js:64:7)\n' +
    '    at async Object.session (/home/aurel/Documents/repos/front/node_modules/next-auth/core/routes/session.js:41:28)\n' +
    '    at async NextAuthHandler (/home/aurel/Documents/repos/front/node_modules/next-auth/core/index.js:96:27)\n' +
    '    at async NextAuthNextHandler (/home/aurel/Documents/repos/front/node_modules/next-auth/next/index.js:21:19)\n' +
    '    at async /home/aurel/Documents/repos/front/node_modules/next-auth/next/index.js:57:32',
  name: 'JWEDecryptionFailed'
}

Found https://next-auth.js.org/errors#jwt_session_error in the docs, but it does not really help.

Thanks

Sense answered 7/3, 2022 at 17:55 Comment(0)
S
63

Just had to add a secret to make it work:

export default NextAuth({
    secret: process.env.AUTH_SECRET,
    providers: [
    ...
    ]
})
Sense answered 10/3, 2022 at 19:9 Comment(3)
This doesn't seem to work with version ^4.23.1. Any ideas? :D – Greerson
This worked for me with version ^4.24.5. 👍🏾 – Sommerville
This works for me. My next-auth version is: ^4.24.5 – Creath
N
40

NextAuth needs the NEXTAUTH_SECRET environment variable to encrypt JWTs and to hash email verification tokens. You can put it in a .env file, like

NEXTAUTH_SECRET=say_lalisa_love_me_lalisa_love_me_hey

See NextAuth reference

Nilsanilsen answered 7/11, 2022 at 2:43 Comment(1)
This was my missing piece, make sure to add it and of course change the secret accordingly – Paradise
E
12

NEXTAUTH_SECRET is used to encrypt the NextAuth.js JWT, and to hash email verification tokens. This is the default value for the secret option in NextAuth and Middleware.

For more detail visit: https://next-auth.js.org/configuration/options#secret

JWTKeySupport: the key does not support HS512 verify algorithm

For more detail visit: https://next-auth.js.org/errors#jwt_session_error

Use the following steps to fix the problem.

Step 1: Generate your random key using the following command

openssl rand -base64 32

Step 2: You can add the NEXTAUTH_SECRET in the .env file like this

NEXTAUTH_SECRET=YOUR_KEY_HERE

Or add it in the next.config.js file like this

const config = {
  reactStrictMode: true,
  // Values under `env` are inlined into the JavaScript bundle at build time
  env: {
    NEXTAUTH_SECRET: "YOUR_KEY_HERE",
  },
};

export default config;

Step 3: Add a secret in [...nextauth].ts

export const nextOption = {
  secret: process.env.NEXTAUTH_SECRET as string,
  // ...<rest of your code>
};
Ervinervine answered 25/6, 2023 at 7:19 Comment(0)
S
0

The secret a-dawg comment must be inserted into the .env.local file

More info: https://nextjs.org/docs/basic-features/environment-variables

Selwin answered 17/4, 2022 at 13:40 Comment(1)
Welcome to StackOverflow! You should copy the comment or an example into the response as well. The link itself might change and then this answer becomes incomplete. Besides, it's not obvious what you were pointing to in the link anyway. This would have been more appropriate as a comment to the answer than the standalone answer. – Xylotomy
N
0
import { getToken } from "next-auth/jwt"

const secret = process.env.NEXTAUTH_SECRET

export default async function handler(req, res) {
  // if using `NEXTAUTH_SECRET` env variable, we detect it, and you won't actually need to pass `secret`
  // const session = await getToken({ req })
  const session = await getToken({ req, secret })
  console.log("JSON Web Token", session)
  res.end()
}
Nihil answered 8/11, 2023 at 4:35 Comment(0)
K
0

If you are using the token shared between separate apps within different subdomains, you need to set all NEXTAUTH_SECRET env variables to the same value, as NextAuth uses this parameter to encrypt/decrypt JWT tokens...

Knitting answered 16/3 at 7:29 Comment(0)
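
The behaviour the answers above describe, as an added example that is not from the thread or from next-auth's source: a token encrypted under a key derived from one secret fails AES-GCM authentication under any other secret, which is the `gcmDecrypt` failure in the question's stack trace and the reason apps sharing a session cookie need the same NEXTAUTH_SECRET. The HKDF label, the token layout and the secret strings are constructed for the demo.

```javascript
// Added example: a model of secret-derived token encryption, not next-auth's source.
const nodeCrypto = require("node:crypto");

// Constructed HKDF label for this demo (an assumption, not taken from the page).
const INFO = "demo session encryption key";

// Derive a 32-byte AES-256 key from the configured secret string.
function deriveKey(secret) {
  return Buffer.from(nodeCrypto.hkdfSync("sha256", secret, "", INFO, 32));
}

// Encrypt a claims object into "iv.ciphertext.tag" (base64url parts).
function seal(claims, secret) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(secret), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(claims), "utf8"), cipher.final()]);
  return [iv, ct, cipher.getAuthTag()].map((b) => b.toString("base64url")).join(".");
}

// Decrypt a token: { ok: true, claims } or { ok: false, error }.
function unseal(token, secret) {
  const parts = token.split(".").map((p) => Buffer.from(p, "base64url"));
  if (parts.length !== 3 || parts[0].length !== 12 || parts[2].length !== 16) {
    return { ok: false, error: "malformed token" };
  }
  const [iv, ct, tag] = parts;
  try {
    const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", deriveKey(secret), iv);
    decipher.setAuthTag(tag);
    const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
    return { ok: true, claims: JSON.parse(pt.toString("utf8")) };
  } catch {
    // GCM tag check failed: wrong key or altered token. Treat the user as signed out.
    return { ok: false, error: "decryption operation failed" };
  }
}

// Constructed secrets: A is the one the cookie was issued under, B stands in for
// any other value, such as a second app configured with a different secret.
const SECRET_A = "constructed-demo-secret-A";
const SECRET_B = "constructed-demo-secret-B";

const cookie = seal({ sub: "jsmith" }, SECRET_A);
console.log(unseal(cookie, SECRET_A));
console.log(unseal(cookie, SECRET_B));
```
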
