Search code examples
next.jsauth0

Error: A valid Auth0 Client Secret must be provided on Vercel

Hello I'm trying to deploy aplication on vercel, on preview everything works perfectly, however on production it fails with this error. I'm using @auth0/nextjs-auth0 version ^0.16.1

08:18:12.508    > Build error occurred
08:18:12.510    Error: A valid Auth0 Client Secret must be provided
08:18:12.510        at Object.createInstance [as default] (/vercel/workpath0/node_modules/@auth0/nextjs-auth0/dist/instance.node.js:16:15)
08:18:12.510        at initAuth0 (/vercel/workpath0/node_modules/@auth0/nextjs-auth0/dist/index.js:9:46)

The auth0 config file, looks same as the official docs.

import { initAuth0 } from '@auth0/nextjs-auth0';

export default initAuth0({
  domain: process.env.AUTH0_DOMAIN,
  clientId: process.env.AUTH0_CLIENT_ID,
  clientSecret: process.env.AUTH0_CLIENT_SECRET,
  scope: 'openid profile',
  redirectUri: 'http://localhost:3000/api/callback',
  postLogoutRedirectUri: 'http://localhost:3000/',
  session: {
    // The secret used to encrypt the cookie.
    cookieSecret: process.env.COOKIE_SECRET,
    // The cookie lifetime (expiration) in seconds. Set to 8 hours by default.
    cookieLifetime: 60 * 60 * 8,
    // (Optional) The cookie domain this should run on. Leave it blank to restrict it to your domain.
    cookieDomain: 'your-domain.com',
    // (Optional) SameSite configuration for the session cookie. Defaults to 'lax', but can be changed to 'strict' or 'none'. Set it to false if you want to disable the SameSite setting.
    cookieSameSite: 'lax',
    // (Optional) Store the id_token in the session. Defaults to false.
    storeIdToken: false,
    // (Optional) Store the access_token in the session. Defaults to false.
    storeAccessToken: false,
    // (Optional) Store the refresh_token in the session. Defaults to false.
    storeRefreshToken: false
  },
  oidcClient: {
    // (Optional) Configure the timeout in milliseconds for HTTP requests to Auth0.
    httpTimeout: 2500,
    // (Optional) Configure the clock tolerance in milliseconds, if the time on your server is running behind.
    clockTolerance: 10000
  }
});
Solution

  • Unfortunately, the env variable clientSecret: process.env.AUTH0_CLIENT_SECRET was disabled on production build somehow.