Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(core): detect NEXTAUTH_SECRET #3783

Merged
merged 2 commits into from
Feb 2, 2022
Merged

feat(core): detect NEXTAUTH_SECRET #3783

merged 2 commits into from
Feb 2, 2022

Conversation

balazsorban44
Copy link
Member

Since v4, we have made providing a secret mandatory in production. The NextAuth configuration (in [...nextauth].js) required either the top-level secret or jwt.secret values to be set, otherwise an error is thrown. https://next-auth.js.org/errors#no_secret

To make this configuration easier (which ties in with #3657), we are going to detect if you set a NEXTAUTH_SECRET variable automatically, so it is less likely that you end up with the above error.

Reasoning 馃挕

Checklist 馃Б

  • Documentation
  • Tests
  • Ready to be merged

Affected issues 馃師

@github-actions github-actions bot added the core Refers to `@auth/core` label Feb 2, 2022
@balazsorban44 balazsorban44 temporarily deployed to Preview February 2, 2022 00:56 Inactive
@github-actions
Copy link

github-actions bot commented Feb 2, 2022

馃帀 Experimental release published on npm!

npm i next-auth@0.0.0-pr.3783.db8ceb0d
yarn add next-auth@0.0.0-pr.3783.db8ceb0d

@balazsorban44 balazsorban44 merged commit f20d679 into main Feb 2, 2022
@balazsorban44 balazsorban44 deleted the feat/nextauth-secret branch February 2, 2022 01:08
This was referenced Feb 2, 2022
Closed
Merged
reconbot added a commit to reconbot/next-auth that referenced this pull request Apr 3, 2022
@reconbot
docs: Update JWT docs to reflect JWE changes in v4
75a71eb 
This PR nextauthjs#3039 changed the defaults for JWT tokens to be encrypted by default (JWE). We have conflicting documentation across the docs site and readme.

Additionatlly this PR nextauthjs#3783 made providing a secret required in production via NEXTAUTH_SECRET or an option.
@reconbot reconbot mentioned this pull request Apr 3, 2022
Merged
2 tasks
balazsorban44 pushed a commit that referenced this pull request Apr 5, 2022
@reconbot @ndom91
docs: Update JWT docs to reflect JWE changes in v4 (#4313)
63398d4 
* docs: Update JWT docs to reflect JWE changes in v4

This PR #3039 changed the defaults for JWT tokens to be encrypted by default (JWE). We have conflicting documentation across the docs site and readme.

Additionatlly this PR #3783 made providing a secret required in production via NEXTAUTH_SECRET or an option.

* Missed a reference

* Update docs/docs/faq.md

Co-authored-by: Nico Domino <yo@ndo.dev>

* Update docs/docs/faq.md

Co-authored-by: Nico Domino <yo@ndo.dev>

Co-authored-by: Nico Domino <yo@ndo.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
core Refers to `@auth/core`
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@balazsorban44