search

nextauthjs / next-auth

Authentication for the Web.
https://authjs.dev
ISC License
24.96k stars 3.52k forks source link

MissingSecret error during Next build since 5.0.0-beta.16 #10478

Closed nphmuller closed 7 months ago

nphmuller commented 7 months ago

Environment

System: OS: macOS 14.4 CPU: (10) arm64 Apple M1 Pro Memory: 1.56 GB / 32.00 GB Shell: 5.9 - /bin/zsh Binaries: Node: 20.9.0 - ~/.nvm/versions/node/v20.9.0/bin/node npm: 10.2.5 - ~/.nvm/versions/node/v20.9.0/bin/npm pnpm: 8.15.4 - ~/Library/pnpm/pnpm bun: 1.0.30 - /opt/homebrew/bin/bun Browsers: Chrome: 123.0.6312.105 Safari: 17.4 npmPackages: next: 14.1.4 => 14.1.4 next-auth: 5.0.0-beta.16 => 5.0.0-beta.16 react: ^18 => 18.2.0

Reproduction URL

https://github.com/LoisDuplain/next-auth-example

Describe the issue

This is a duplicate issue for https://github.com/nextauthjs/next-auth/issues/10432 which, in my understanding, was closed incorrectly.

The linked issue meant that AUTH_SECRET suddenly was required during the build, while it previously was not. It was already clear that AUTH_SECRET (or the secret config option) was required during runtime. But the breaking behaviour is that it now suddenly is required during build.

How to reproduce

The build now fails with the following error:

Collecting page data .A: Missing secret, please set AUTH_SECRET or config.secret. Read more at https://errors.authjs.dev#missingsecre

Expected behavior

No error. The build should succeed.

hazamashoken commented 7 months ago

Current workaround is to just set anything to AUTH_SECRET during build time and change the env variable again during runtime. But yea this is very annoying.

SpectralAngel commented 7 months ago

It is not even reading the secret while using npm next dev, the check for AUTH_SECRET should not be there until the app has been completely initialiazed, that means until the environment variables have been loaded (build time is bad for it also)

balazsorban44 commented 7 months ago

Hi all,

Current workaround is to just set anything to AUTH_SECRET during build time

This would be my suggestion too. The reason for this is that some path in your code might be hit during prerendering (next build) that relies on auth. This will result in the AUTH_SECRET check invocation.

  1. You can set it to a dummy value, just make sure that the production version has a properly set secret. You can use npx auth secret for example.
  2. Or you can try to figure out what invoked authentication. The missing secret check is already a runtime check.

It is not even reading the secret while using npm next dev,

This sounds unrelated and something specific to your project. Next.js reads environment variables as a priority so they should always be available before the dev server is initialized. I cannot tell more without seeing your code, but it's most likely nothing to do with Auth.js.

StuartMorris0 commented 7 months ago

I have the same issue with a turborepo project. AUTH_SECRET is set in an env file and is also included in turbo config.

It doesn't appear to be used. I presume pnpm dev is using the env.local and the pnpm build even when run locally is not using .env.local or not finding the value for some reason.

Rolling back to the previous beta version does resolve the issue for now

StuartMorris0 commented 7 months ago

I don't think the issue is resolved just yet @balazsorban44

balazsorban44 commented 7 months ago

Please open a new issue with a minimal reproduction then. Please don't give a full monorepo that takes a lot of time to set up, please strip it down to the bare minimum that still reproduces the issue, if the monorepo setup is even relevant. if it reproduces without one, please provide a simple repo isntead.

Saying that it's not resolved is not actionable.