Login/Register
How to Fix NO_SECRET warning thrown by Next-Auth
Asked Answered
Solved next.jsnext-auth
B

6

19

I have a Next js application that uses Next Auth. While in development I continuously keep getting that warning stipulating that I need to set a secret but I don't know where I should set it.

Following this reference I see I just need to run openssl rand -base64 32 to get a secret but I have no Idea where to put it

Beitris answered 14/1, 2022 at 14:30 Comment(0)
B
23

In the [...nextauth].js outside provider and callback you can set the secret and it's value. As it is recommended to store such values in environment variable you can do the following

export default NextAuth({
 
  providers: [ 
  ],
  callbacks: {
  },
  secret: process.env.JWT_SECRET,
});
Beitris answered 14/1, 2022 at 17:22 Comment(1)
This is working with only one provider, what if there are more than one provider?Zacatecas
D
13

You should insert the command openssl rand -base64 32in your Linux terminal, then it will generate a Token to use it on an .env file with the variable name NEXTAUTH_SECRET=token_generated. So the error [next-auth][warn][NO_SECRET] will not be showed again on console.

Dowski answered 5/4, 2022 at 14:2 Comment(0)
J
10

In my case i had to upgrade next and next-auth module to the latest version. [email protected] and [email protected] worked for me.

NEXTAUTH_SECRET=secret string here

You can generate secret key using this command line openssl rand -base64 32 in command prompt or windows power shell.

And in the next-auth configuration [...nextauth].ts file

export default NextAuth({
 
  providers: [ 
  ],
  callbacks: {
  },
  secret: process.env.NEXTAUTH_SECRET,
});

It is said if secret is not defined in [...nextauth].ts, it loads NEXTAUTH_SECRET from env, but I added it and works like charm. :)

Jigging answered 13/6, 2022 at 9:52 Comment(2)
The command you said neither works in CMD nor PS.Greenroom
link to possible solution @AliBahaari #11896804Jigging
M
1

I had this problem recently on a Vercel deployment

I solved it with the following steps:

  1. Create NEXTAUTH_URL and NEXTAUTH_SECRET on .env (the URL is your domain and the secret is any hash)
  2. Go on your settings project on Vercel and add NEXTAUTH_SECRET on your Environment Variables (same secret of your .env)

I'm using middleware and the code is:

export { default } from "next-auth/middleware"
export const config = { matcher: ["/admin/dashboard/", "/admin/dashboard/:path*"] }
Mantelet answered 19/8, 2023 at 1:31 Comment(0)
O
1

You have to set NEXTAUTH_SECRET="long random string", for example, NEXTAUTH_SECRET= "xsdvsdvsrfverrveverv".

When you will deploy on the server like vercel then env.local file won't work. You have to create .env and keep NEXTAUTH_SECRET= "xsdvsdvsrfverrveverv" exactly the same in .env and in production variables.

And in api/auth/[...nextauth]/route.js,

session:{
    strategy : 'jwt'
},

callbacks: {
    async session(session) {
        return session;
      }
},
   
secret: process.env.NEXTAUTH_SECRET,

pages : {
    signIn: "/login"
}
Oaks answered 23/4 at 4:39 Comment(0)
A
0

It seems like your Next.js application is not able to find the AUTH_SECRET environment variable. Here's how you can set it:

Create a .env.local file in the root of your project if it doesn't exist already.

Add
AUTH_SECRET=your_secret_here to the file, replacing your_secret_here with your actual secret. Save the file. Restart your Next.js server. Here's the code to add to your .env.local file: AUTH_SECRET=your_secret_here

Remember to replace your_secret_here with your actual secret.

If you've already done this and it's still not working, make sure that you're correctly loading the environment variables in your Next.js application. You can use the next.config.js file to do this:

`module.exports = {
  env: {
    AUTH_SECRET: process.env.AUTH_SECRET,
  },
}`
Antefix answered 15/4 at 15:16 Comment(1)
Was any of this AI-generated?Instrumentalist

© 2022 - 2024 — McMap. All rights reserved.