Required AUTH_SECRET in latest version

[LoisDuplain]

Environment

System:

• OS: Windows 11 10.0.22631
• CPU: (6) x64 Intel(R) Core(TM) i5-9600K CPU @ 3.70GHz
• Memory: 4.64 GB / 15.91 GB

Binaries:

• Node: 21.1.0 - C:\Program Files\nodejs\node.EXE
• Yarn: 1.22.21 - C:\Program Files\nodejs\yarn.CMD
• npm: 10.2.0 - C:\Program Files\nodejs\npm.CMD
• pnpm: 8.15.3 - ~\AppData\Local\pnpm\pnpm.EXE

Browsers:

• Edge: Chromium (123.0.2420.65)
• Internet Explorer: 11.0.22621.1

npmPackages:

• next: ^14.1.4 => 14.1.4
• next-auth: ^5.0.0-beta.16 => 5.0.0-beta.16
• react: ^18.2.0 => 18.2.0

Reproduction URL

https://github.com/LoisDuplain/next-auth-example

Describe the issue

In the latest version of next with next auth, the AUTH_SECRET environment variable is mandatory, whereas it wasn't before.

It's not logical that it should be, because I need to deploy the same software several times for different customers, for example. So I'm not going to have fun recompiling my software 20 times for each customer just to have a different AUTH_SECRET.

How to reproduce

There are two branches on the reproduction repository:

• The main branch for the latest version of next, next auth... including the bug
• And a "previous version" branch to show how it behaved before (the behaviour that should be correct).

To reproduce it juste git clone and execute npm run build
Then switch to "previous-version" branch and execute npm run build

Expected behavior

In the latest version of next with next auth, the AUTH_SECRET environment variable is mandatory, whereas it wasn't before.

It's not logical that it should be, because I need to deploy the same software several times for different customers, for example. So I'm not going to have fun recompiling my software 20 times for each customer just to have a different AUTH_SECRET.

[LoisDuplain]

It's due to this wrong fix : #10305

[ndom91]

AUTH_SECRET can be set as an environment variable, so you don't need to recompile for each customer.

Also it's not AUTH_SECRET that is required, just a secret in general. You can use the secret config option as well. However, in your situation, that would require a re-compile, so I'd recommend the AUTH_SECRET environment variable.

[nphmuller]

Hi @LoisDuplain , I opened a new issue (#10478), because I think this might have been closed incorrectly. I hope you don't mind I copied over your details described in this issue.

[pranavmappoli]

Any fix is available for this ? , I have AUTH_SECRET in my env, still facing issue

[NickooMar]

@pranavmappoli

Any fix is available for this ? , I have AUTH_SECRET in my env, still facing issue

I was facing the same issue, and the problem was that these specific environment variables can't be read in the 'use client' directive, so you must locate that logic in a server side file.

Read: Nextjs Enviroment variables

[ndom91]

Yeah the issue is that your AUTH_SECRET isn't being picked up somewhere along the line.

Also keep in mind when building for prod, next.js is prerendering these apps so its gotta be there during build too

[ndom91]

Also without this warning, yuo wuold have shipped to prod with an empty AUTH_SECRET most likely