How to define a JWT secret in next-auth to avoid errors in prod?

How to define a JWT secret in NextAuth.js v4 to avoid errors in prod? I followed the instructions as they said in the documentation: https://next-auth.js.org/configuration/options#secret.

And I'm still getting this warning (this link doesn't explain any details about it):

[next-auth][warn][NO_SECRET]

https://next-auth.js.org/warnings#no_secret

My [...nextauth].js looks like:

export default NextAuth({
  providers: [
    GoogleProvider({
      clientId: process.env.GOOGLE_CLIENT_ID,
      clientSecret: process.env.GOOGLE_CLIENT_SECRET
    })
  ],
  session: {
    strategy: "jwt",
    maxAge: 30 * 24 * 60 * 60, // 30 days
    updateAge: 24 * 60 * 60, // 24 hours
  },
  jwt: {
    secret: process.env.JWT_SECRET,
    maxAge: 60 * 60 * 24 * 30,
    async encode({ secret, token, maxAge }) {},
    async decode({ secret, token }) {},
  },
})

JWT_SECRET was generated by openssl rand -base64 32.



Solution 1:[1]

The secret has to be set at the top-level on the next-auth config object (same level as providers, session and jwt), instead of nested inside jwt.

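import NextAuth from "next-auth"
import GoogleProvider from "next-auth/providers/google"

// The secret sits at the top level of the options object, next to providers, session and jwt.
export default NextAuth({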
    providers: [
        GoogleProvider({
            clientId: process.env.GOOGLE_CLIENT_ID,
            clientSecret: process.env.GOOGLE_CLIENT_SECRET
        })
    ],
    session: { /*...*/ },
    jwt: { /*...*/ },
    secret: process.env.JWT_SECRET
})
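
The placement rule from the answer above, as an added example that is not part of the original post or of next-auth: a pre-deploy check that inspects the options object before it is handed to NextAuth. `checkSecretPlacement`, `decodedLength` and `MIN_SECRET_BYTES` are hypothetical names, and the 32-byte minimum is an assumption taken from the `openssl rand -base64 32` command in the question.

```javascript
// Added example: pre-deploy check for a NextAuth.js v4 options object.
// All names here are hypothetical helpers, not next-auth APIs.
const MIN_SECRET_BYTES = 32; // assumption: matches `openssl rand -base64 32`

function decodedLength(secret) {
  // Count decoded bytes if the value is padded base64 that round-trips,
  // otherwise count the raw UTF-8 bytes of the string.
  const buf = Buffer.from(secret, "base64");
  const isBase64 = buf.length > 0 && buf.toString("base64") === secret;
  return isBase64 ? buf.length : Buffer.byteLength(secret, "utf8");
}

function checkSecretPlacement(options) {
  const findings = [];
  const top = options.secret;
  const nested = options.jwt ? options.jwt.secret : undefined;

  if (typeof top !== "string" || top.length === 0) {
    // An unset environment variable arrives here as undefined.
    findings.push(nested
      ? "secret is only set under jwt; move it to the top level of the options object"
      : "no secret set at the top level of the options object");
  } else if (decodedLength(top) < MIN_SECRET_BYTES) {
    findings.push(`top-level secret is shorter than ${MIN_SECRET_BYTES} bytes`);
  }
  return findings;
}

// Constructed sample values for this example only (not real credentials).
const sampleSecret = Buffer.alloc(32, 7).toString("base64");
const questionConfig = { session: { strategy: "jwt" }, jwt: { secret: sampleSecret } };
const answerConfig = { session: { strategy: "jwt" }, jwt: {}, secret: sampleSecret };
const weakConfig = { session: { strategy: "jwt" }, secret: "changeme" };

for (const [name, cfg] of Object.entries({ questionConfig, answerConfig, weakConfig })) {
  const findings = checkSecretPlacement(cfg);
  console.log(name, findings.length ? findings : "ok");
}
```

Running the same check in CI against the real options object, with production environment variables loaded, catches a missing or misplaced secret before the warning shows up in a deployed build.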

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 juliomalves