22

I am using this code to be able to use the credentials next-auth provider along with Cognito as the OAuth service, to allow email and password auth. I am running next-auth@4.2.1:

import CognitoProvider from "next-auth/providers/cognito";
import NextAuth from 'next-auth'
import CredentialsProvider from "next-auth/providers/credentials"
import * as cognito from '../../../lib/cognito'
import { Auth } from 'aws-amplify';

export default NextAuth({
    providers: [
        CredentialsProvider({
            credentials: {
              username: { label: "Username", type: "text", placeholder: "jsmith" },
              password: {  label: "Password", type: "password" }
            },
            async authorize(credentials, req) {
                try {
                    const user = await Auth.signIn(credentials.username, credentials.password);
                    return user
                } catch (error) {
                    console.log('error signing in', error);
                }
            }
          })
    ],
    debug: process.env.NODE_ENV === 'development' ? true : false

})

I often get this error:

https://next-auth.js.org/errors#jwt_session_error decryption operation failed {
  message: 'decryption operation failed',
  stack: 'JWEDecryptionFailed: decryption operation failed\n' +
    '    at gcmDecrypt (/home/aurel/Documents/repos/front/node_modules/jose/dist/node/cjs/runtime/decrypt.js:67:15)\n' +
    '    at decrypt (/home/aurel/Documents/repos/front/node_modules/jose/dist/node/cjs/runtime/decrypt.js:92:20)\n' +
    '    at flattenedDecrypt (/home/aurel/Documents/repos/front/node_modules/jose/dist/node/cjs/jwe/flattened/decrypt.js:119:52)\n' +
    '    at async compactDecrypt (/home/aurel/Documents/repos/front/node_modules/jose/dist/node/cjs/jwe/compact/decrypt.js:18:23)\n' +
    '    at async jwtDecrypt (/home/aurel/Documents/repos/front/node_modules/jose/dist/node/cjs/jwt/decrypt.js:8:23)\n' +
    '    at async Object.decode (/home/aurel/Documents/repos/front/node_modules/next-auth/jwt/index.js:64:7)\n' +
    '    at async Object.session (/home/aurel/Documents/repos/front/node_modules/next-auth/core/routes/session.js:41:28)\n' +
    '    at async NextAuthHandler (/home/aurel/Documents/repos/front/node_modules/next-auth/core/index.js:96:27)\n' +
    '    at async NextAuthNextHandler (/home/aurel/Documents/repos/front/node_modules/next-auth/next/index.js:21:19)\n' +
    '    at async /home/aurel/Documents/repos/front/node_modules/next-auth/next/index.js:57:32',
  name: 'JWEDecryptionFailed'
}

I found https://next-auth.js.org/errors#jwt_session_error in the docs, but it does not really help.

thanks

a-dawg

4 Answers

40

just had to add a secret to make it work

export default NextAuth({
    secret: process.env.AUTH_SECRET,
    providers: [
    ...
    ]
})
a-dawg
28

NextAuth needs the NEXTAUTH_SECRET environment variable to encrypt JWTs and to hash email verification tokens. You can put it in a .env file, like:

NEXTAUTH_SECRET=say_lalisa_love_me_lalisa_love_me_hey

See NextAuth reference

Chayapol
4

NEXTAUTH_SECRET is used to encrypt the NextAuth.js JWT, and to hash email verification tokens. This is the default value for the secret option in NextAuth and Middleware.

for more detail visit: https://next-auth.js.org/configuration/options#secret

JWTKeySupport: the key does not support HS512 verify algorithm

for more detail visit: https://next-auth.js.org/errors#jwt_session_error

Use the following steps to fix the problem.

Step 1: Generate your random key using the following command

openssl rand -base64 32

Step 2: You can add the NEXTAUTH_SECRET in the .env file like this

NEXTAUTH_SECRET=YOUR_KEY_HERE

or add it in the next.config.js file like this

const config = {
  reactStrictMode: true,
  env: {
    NEXTAUTH_SECRET:"YOUR_KEY_HERE",
  },
};

export default config;

Step 3: Add a secret in [...nextauth].ts

 export const nextOption = {
  
  secret: process.env.NEXTAUTH_SECRET as string,
...<rest of your code>
Sunil Sapkota
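
Why the secret matters for the `gcmDecrypt` failure in the question, as an added example (not code from any of the posts or from next-auth): a simplified model in which the session cookie is encrypted with AES-256-GCM under a key derived from the secret, so a cookie issued under one secret fails authentication under any other. The HKDF parameters, function names and token layout are assumptions for illustration, not the real JWE format.

```javascript
// Added illustration: simplified model of an encrypted session token.
// Assumption: the key is derived from the secret with HKDF-SHA256 and used
// for AES-256-GCM; the iv.ciphertext.tag layout below is NOT real JWE.
const crypto = require("node:crypto");

const INFO = "NextAuth.js Generated Encryption Key"; // assumed HKDF info string

function deriveKey(secret) {
  return Buffer.from(crypto.hkdfSync("sha256", secret, "", INFO, 32));
}

// Encrypt a claims object; output is iv.ciphertext.tag, base64url-encoded.
function encodeSession(claims, secret) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(secret), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(claims), "utf8"), cipher.final()]);
  return [iv, ct, cipher.getAuthTag()].map((b) => b.toString("base64url")).join(".");
}

// Decrypt; returns the claims, or null when the GCM tag does not verify
// (wrong key or modified token), the condition behind "decryption operation failed".
function decodeSession(token, secret) {
  const parts = token.split(".").map((p) => Buffer.from(p, "base64url"));
  if (parts.length !== 3 || parts[0].length !== 12 || parts[2].length !== 16) return null;
  const [iv, ct, tag] = parts;
  try {
    const decipher = crypto.createDecipheriv("aes-256-gcm", deriveKey(secret), iv);
    decipher.setAuthTag(tag);
    const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
    return JSON.parse(pt.toString("utf8"));
  } catch {
    return null;
  }
}

// Constructed sample values, equivalent to two runs of `openssl rand -base64 32`.
const secretA = crypto.randomBytes(32).toString("base64");
const secretB = crypto.randomBytes(32).toString("base64");
const cookie = encodeSession({ sub: "jsmith" }, secretA);

console.log(decodeSession(cookie, secretA)); // same secret: claims come back
console.log(decodeSession(cookie, secretB)); // different secret: null
```

A cookie left in the browser from before the secret was set, or from a deployment using a different secret, fails in the same way until it is cleared or the user signs in again.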
0

The secret from a-dawg's comment must be inserted into the .env.local file.

More info: https://nextjs.org/docs/basic-features/environment-variables

Ale Prieto
    Welcome to StackOverflow! You should copy the comment or an example into the response as well. The link itself might change and then this answer becomes incomplete. Besides, it's not obvious what you were pointing to in the link anyway. This would have been more appropriate as a comment to the answer than as a standalone answer. – crollywood May 30 '22 at 09:15