Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Middleware fails with NO_SECRET even when secret is provided #3878

Closed
SheldonNunes opened this issue Feb 8, 2022 · 2 comments
Closed

Middleware fails with NO_SECRET even when secret is provided #3878

SheldonNunes opened this issue Feb 8, 2022 · 2 comments
Labels
bug Something isn't working

Comments

@SheldonNunes
Copy link

SheldonNunes commented Feb 8, 2022
edited
Loading

Description 🐜

When using the withAuth middleware the application is raising a server error that NO_SECRET is provided even though the NEXTAUTH_SECRET is populated. It also fails when providing SECRET also.

This appears to be coming from the following lines:

next-auth/packages/next-auth/src/next/middleware.ts

Lines 72 to 76 in 9dc5912

if (!process.env.NEXTAUTH_SECRET) {
console.error(
`[next-auth][error][NO_SECRET]`,
`\nhttps://next-auth.js.org/errors#no_secret`
)

As to why this is not picking up the env variables is unclear. I encountered this both in my project and in the default code sandbox.

As a workaround I created my own middleware below and discovered another bug when making the call to getToken. It is returning null unless it is explicitly passed the secret parameter:

import { getToken } from "next-auth/jwt";
import { NextRequest, NextResponse } from "next/server";

export async function middleware(req: NextRequest) {
  const token = await getToken({
    req: req as any,
    secret: process.env.NEXTAUTH_SECRET,
  });

  if (
    [signInPage, errorPage].includes(req.nextUrl.pathname) ||
    req.nextUrl.pathname.startsWith("/api") ||
    req.nextUrl.pathname.startsWith("/auth")
  ) {
    return NextResponse.next();
  } else if (!token) {
    return NextResponse.redirect("/auth/signin");
  }
}

Is this a bug in your own project?

No

How to reproduce ☕️

CodeSandbox example

  • Create nextjs project with next-auth
  • Add NEXTAUTH_SECRET secret to the environment file using openssl rand -base64 32
  • Set up _middleware.tsx based on the middleware example on next-auth in your admin section
  • Try and visit an admin page

Screenshots / Logs 📽

No response

Environment 🖥

System:
OS: macOS 11.6.2
CPU: (8) x64 Intel(R) Core(TM) i7-4980HQ CPU @ 2.80GHz
Memory: 1.28 GB / 16.00 GB
Shell: 3.2.57 - /bin/bash
Binaries:
Node: 16.13.2 - /usr/local/bin/node
Yarn: 1.22.17 - /usr/local/bin/yarn
npm: 8.1.2 - /usr/local/bin/npm
Browsers:
Chrome: 98.0.4758.80
Safari: 15.3
npmPackages:
next: ^12.0.10 => 12.0.10
next-auth: ^4.2.1 => 4.2.1
react: ^17.0.2 => 17.0.2

Contributing 🙌🏽

Yes, I am willing to help solve this bug in a PR
@SheldonNunes SheldonNunes added the bug Something isn't working label Feb 8, 2022
@filiptronicek
Copy link

Linking #3802 here because it is most likely related.

@balazsorban44
Copy link
Member

True, thanks @filiptronicek. This is a duplicate. Please see #3802 (comment)

@promet99 promet99 mentioned this issue Apr 19, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@SheldonNunes @balazsorban44 @filiptronicek