a-dawg

Reputation: 1263

next-auth JWEDecryptionFailed

I am using this code to be able to use the next-auth credentials provider along with Cognito as the OAuth service, to allow email and password auth. I am running [email protected]:

import CognitoProvider from "next-auth/providers/cognito";
import NextAuth from 'next-auth'
import CredentialsProvider from "next-auth/providers/credentials"
import * as cognito from '../../../lib/cognito'
import { Auth } from 'aws-amplify';

export default NextAuth({
    providers: [
        CredentialsProvider({
            credentials: {
              username: { label: "Username", type: "text", placeholder: "jsmith" },
              password: {  label: "Password", type: "password" }
            },
            async authorize(credentials, req) {
                try {
                    const user = await Auth.signIn(credentials.username, credentials.password);
                    return user
                } catch (error) {
                    console.log('error signing in', error);
                }
            }
          })
    ],
    debug: process.env.NODE_ENV === 'development' ? true : false

})

I often get this error:

https://next-auth.js.org/errors#jwt_session_error decryption operation failed {
  message: 'decryption operation failed',
  stack: 'JWEDecryptionFailed: decryption operation failed\n' +
    '    at gcmDecrypt (/home/aurel/Documents/repos/front/node_modules/jose/dist/node/cjs/runtime/decrypt.js:67:15)\n' +
    '    at decrypt (/home/aurel/Documents/repos/front/node_modules/jose/dist/node/cjs/runtime/decrypt.js:92:20)\n' +
    '    at flattenedDecrypt (/home/aurel/Documents/repos/front/node_modules/jose/dist/node/cjs/jwe/flattened/decrypt.js:119:52)\n' +
    '    at async compactDecrypt (/home/aurel/Documents/repos/front/node_modules/jose/dist/node/cjs/jwe/compact/decrypt.js:18:23)\n' +
    '    at async jwtDecrypt (/home/aurel/Documents/repos/front/node_modules/jose/dist/node/cjs/jwt/decrypt.js:8:23)\n' +
    '    at async Object.decode (/home/aurel/Documents/repos/front/node_modules/next-auth/jwt/index.js:64:7)\n' +
    '    at async Object.session (/home/aurel/Documents/repos/front/node_modules/next-auth/core/routes/session.js:41:28)\n' +
    '    at async NextAuthHandler (/home/aurel/Documents/repos/front/node_modules/next-auth/core/index.js:96:27)\n' +
    '    at async NextAuthNextHandler (/home/aurel/Documents/repos/front/node_modules/next-auth/next/index.js:21:19)\n' +
    '    at async /home/aurel/Documents/repos/front/node_modules/next-auth/next/index.js:57:32',
  name: 'JWEDecryptionFailed'
}

Found https://next-auth.js.org/errors#jwt_session_error in the docs, but it does not really help.

Thanks

Upvotes: 38

Views: 39141

Answers (6)

Babak Momeni

Reputation: 76

If you are using the token shared between separate apps within different subdomains, you need to set all NEXTAUTH_SECRET env variables to the same value, as NextAuth uses this parameter to encrypt/decrypt JWT tokens...

Upvotes: 0

Apurv

Reputation: 123

import { getToken } from "next-auth/jwt"

const secret = process.env.NEXTAUTH_SECRET

export default async function handler(req, res) {
  // If the `NEXTAUTH_SECRET` env variable is set, it is detected automatically
  // and you do not need to pass `secret`:
  // const session = await getToken({ req })
  const session = await getToken({ req, secret })
  console.log("JSON Web Token", session)
  res.end()
}

Upvotes: 0

Sunil Sapkota

Reputation: 1220

NEXTAUTH_SECRET is used to encrypt the NextAuth.js JWT, and to hash email verification tokens. This is the default value for the secret option in NextAuth and Middleware.

For more detail visit: https://next-auth.js.org/configuration/options#secret

JWTKeySupport: the key does not support HS512 verify algorithm

For more detail visit: https://next-auth.js.org/errors#jwt_session_error

Use the following steps to fix the problem.

Step 1: Generate your random key using the following command

openssl rand -base64 32

Step 2: You can add the NEXTAUTH_SECRET in the .env file like this

NEXTAUTH_SECRET=YOUR_KEY_HERE

or add it in the next.config.js file like this

const config = {
  reactStrictMode: true,
  env: {
    NEXTAUTH_SECRET:"YOUR_KEY_HERE",
  },
};

export default config;

Step 3: Add a secret in [...nextauth].ts

export const nextOption = {
  secret: process.env.NEXTAUTH_SECRET as string,
  // ...<rest of your code>
};

Upvotes: 12

Chayapol

Reputation: 3934

NextAuth needs the NEXTAUTH_SECRET environment variable to encrypt JWTs and to hash email verification tokens. You can put it in a .env file, like

NEXTAUTH_SECRET=say_lalisa_love_me_lalisa_love_me_hey

See NextAuth reference

Upvotes: 44

Ale Prieto

Reputation: 89

The secret that a-dawg mentions must be inserted into the .env.local file

More info: https://nextjs.org/docs/basic-features/environment-variables

Upvotes: 0

a-dawg

Reputation: 1263

Just had to add a secret to make it work:

export default NextAuth({
    secret: process.env.AUTH_SECRET,
    providers: [
    ...
    ]
})

Upvotes: 69
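
Why a missing or mismatched secret surfaces as `JWEDecryptionFailed`, as an added example that is not part of the original thread and not next-auth's own code: a session cookie sealed with AES-GCM under a key derived from one secret cannot be opened under another, which covers both the shared-subdomain case and the fix of pinning `secret`. The HKDF label, the token layout, the `checkSecret` helper and its 32-character minimum are assumptions of this sketch.

```javascript
// Simplified model of secret-keyed session encryption (added example).
// Not next-auth's implementation: HKDF label and token layout are assumptions.
const nodeCrypto = require("node:crypto");

function deriveKey(secret) {
  // 32-byte AES-256 key derived from the configured secret string
  return Buffer.from(nodeCrypto.hkdfSync("sha256", secret, "", "example session key", 32));
}

function sealSession(payload, secret) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(secret), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(payload), "utf8"), cipher.final()]);
  return [iv, ct, cipher.getAuthTag()].map((b) => b.toString("base64url")).join(".");
}

function openSession(token, secret) {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [iv, ct, tag] = parts.map((p) => Buffer.from(p, "base64url"));
  try {
    const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", deriveKey(secret), iv);
    decipher.setAuthTag(tag);
    const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
    return { ok: true, payload: JSON.parse(pt.toString("utf8")) };
  } catch (err) {
    // The GCM tag check fails under the wrong key; nothing is decrypted.
    return { ok: false, reason: "decryption operation failed" };
  }
}

// Hypothetical startup check: fail fast instead of on the first session request.
function checkSecret(env) {
  const s = env.NEXTAUTH_SECRET;
  if (!s) return "missing";
  if (s.length < 32) return "too short"; // threshold is this example's assumption
  return "ok";
}

// Constructed scenario: a cookie issued under secret A, read back under A and under B.
function demo() {
  const secretA = nodeCrypto.randomBytes(32).toString("base64"); // like `openssl rand -base64 32`
  const secretB = nodeCrypto.randomBytes(32).toString("base64");
  const cookie = sealSession({ sub: "user-1" }, secretA);
  return { sameSecret: openSession(cookie, secretA), otherSecret: openSession(cookie, secretB) };
}
```

Keep the real value in an untracked file such as .env.local; anything placed under `env` in next.config.js is inlined by Next.js at build time.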
