Comments (12)
The same, but in version 5.0.0-beta.15, it works.
from next-auth.
Fix is incoming #10592
from next-auth.
The fix isn't in 5.0.0-beta.15. You will either have to wait for the next beta or do a patch. I'm using pnpm to apply the patch, you can also use patch-package. #10592 is what fixed it for me.
from next-auth.
NEXT_PUBLIC_AUTH_SECRET is a horrible idea, please don't even suggest that. Those replies are marked as spam.
from next-auth.
@matthawk60 it was probably marked as spam not because you seem like a spammer, but because the suggestion is dangerous. My (limited) understanding is that the whole point of having a server-side secret like that is that it lets you be more lenient with what you store in client browsers, since it can be encrypted with said secret. If you hand out the secret to the client (which becomes possible when following your suggestion), encrypted cookies suddenly become decryptable.
Obviously I was not suggesting NEXT_PUBLIC_AUTH_SECRET should be used in production. Perhaps I should have added that disclaimer. But by that thinking, no one should be using a beta release of software in the first place. However, if you want to use the app router and next-auth that is currently our only option.
My testing indicated that Nextjs was removing the secret because it was being exposed to the client, which would be a major problem. My comment was meant to help find the problem. While this issue has only been open for a few days, there are others which have been around since beta-16 was released.
My intention was not to help users, I was commenting on an issue hoping to help debug the problem and fix the underlying issue with the software.
from next-auth.
Sorry that it took a while to get a minimal repro going...
I know of the workaround by setting the value during the build to a fake value, but is that the official solution? It might be a bit confusing, since there's quite a bit of discussion due to this change in beta 16 (see #10305 but also in the other issues linked).
from next-auth.
Is any fix available for this? I have AUTH_SECRET in my env, still facing the issue.
from next-auth.
Is any fix available for this? I have AUTH_SECRET in my env, still facing the issue.
Same issue with me as well. After cloning the next-auth repository, and completing the .env file with my secrets, I get the same error even though AUTH-SECRET has been entered.
I tried downgrading to 5.0.0-beta.15 and that error goes away, but a different one emerges.
from next-auth.
@matthawk60 it was probably marked as spam not because you seem like a spammer, but because the suggestion is dangerous. My (limited) understanding is that the whole point of having a server-side secret like that is that it lets you be more lenient with what you store in client browsers, since it can be encrypted with said secret. If you hand out the secret to the client (which becomes possible when following your suggestion), encrypted cookies suddenly become decryptable.
See https://next-auth.js.org/configuration/options#secret
from next-auth.
Okay, then I see where you're coming from. In the future I would still be careful about phrasing it in the way you did, because I would be willing to bet my savings that if the comment didn't get marked as spam (and therefore hidden by default) it would be tried by at least one confused developer trying to fix the error they're getting without taking the time to read up on the context around it (or what the NEXT_PUBLIC_ prefix means). It's perfectly plausible to me that it would end up as production code in that scenario.
Obviously I was not suggesting NEXT_PUBLIC_AUTH_SECRET should be used in production.
To someone new to next.js and nextauth I don't necessarily think it's obvious that you're not suggesting to use NEXT_PUBLIC_ as a production fix.
from next-auth.
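The risk discussed in the comments above, as an added example that is not part of the original thread or of next-auth's code: a Node.js check that flags secret-looking NEXT_PUBLIC_ names in dotenv text and server-only secret values that show up in client bundle text. The function names, the name pattern and the sample values are assumptions constructed for illustration; in CI the two inputs would be the project's env files and the built client JavaScript.

```javascript
// Added example: guard against shipping auth secrets to the browser.
// Next.js exposes NEXT_PUBLIC_* variables to JavaScript sent to the client.
const SECRET_NAME = /(^|_)(SECRET|PRIVATE|PASSWORD|TOKEN|KEY)(_|$)/i; // assumed heuristic

// Minimal dotenv parser: KEY=value lines, optional quotes, '#' comments.
function parseEnv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq < 1) continue;
    const name = line.slice(0, eq).trim().replace(/^export\s+/, "");
    const value = line.slice(eq + 1).trim().replace(/^(['"])(.*)\1$/, "$2");
    vars[name] = value;
  }
  return vars;
}

// Variable names that are both browser-exposed and secret-looking.
function findPublicSecrets(envText) {
  return Object.keys(parseEnv(envText))
    .filter((n) => n.startsWith("NEXT_PUBLIC_") && SECRET_NAME.test(n));
}

// Server-only secrets whose value appears verbatim in client JavaScript.
function findLeakedValues(envText, bundleText, minLength = 16) {
  return Object.entries(parseEnv(envText))
    .filter(([n, v]) => !n.startsWith("NEXT_PUBLIC_") && SECRET_NAME.test(n))
    .filter(([, v]) => v.length >= minLength && bundleText.includes(v))
    .map(([n]) => n);
}

// Constructed sample input (not real credentials).
const sampleEnv = [
  "# constructed .env",
  'AUTH_SECRET="constructed-sample-secret-0123456789"',
  "NEXT_PUBLIC_AUTH_SECRET=constructed-sample-secret-0123456789",
  "NEXT_PUBLIC_APP_NAME=demo",
  "AUTH_KEYCLOAK_ID=my-client",
].join("\n");
const sampleBundle = 'var a={s:"constructed-sample-secret-0123456789",n:"demo"};';

console.log("public secret names:", findPublicSecrets(sampleEnv));
console.log("leaked server values:", findLeakedValues(sampleEnv, sampleBundle));
```

A non-empty result from either function is a reason to fail the build and rotate the affected secret.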
Hi folks, I am continuing to have the same issue. Tried to use 5.0.0-beta.15 but I got a different error on session.
Could someone help me please 🙏 ?
Uncaught MissingSecret: Missing secret, please set AUTH_SECRET or config.secret.
with this provider configuration
const providers = [
  KeycloakProvider({
    id: 'keycloak',
    clientId: process.env.AUTH_KEYCLOAK_ID,
    issuer: process.env.AUTH_KEYCLOAK_URL,
    clientSecret: process.env.AUTH_SECRET,
  }),
]
from next-auth.
The fix isn't in 5.0.0-beta.15. You will either have to wait for the next beta or do a patch. I'm using pnpm to apply the patch, you can also use patch-package. #10592 is what fixed it for me.
hi @matthawk60 👋
Did you experience that calling the signout fn in a server action raised the error "Cookies can only be modified in a Server Action or Route Handler."? This happens only after upgrading to the latest 5.0.0-beta.17.
How are you using the signout? My use case is that I want to match the 401 and in this case sign out.
from next-auth.