Skip to content
Migrating from NextAuth.js v4? Read our migration guide.
Guides
Environment Variables

Environment variables

Auth secret

.env.local
AUTH_SECRET="This is an example"

AUTH_SECRET is a random token used by the library to encrypt tokens and email verification hashes, and it’s mandatory to keep things secure (See Deployment to learn more). You can use the CLI to generate an auth secret.

npm exec auth secret

Alternatively, on Linux and Mac OS X based systems you can use the openssl CLI.

openssl rand -base64 33

Environment Variable Inference

Auth.js is automatically configured to pick the right environment variables for clientId and clientSecret when using an official OAuth provider.

The shape of these variables in your .env files should always follow the same pattern:

AUTH_[PROVIDER]_ID=
AUTH_[PROVIDER]_SECRET=

For example if we’re using the Google, Twitter and Github providers, your .env file would look something like this.

# Google
AUTH_GOOGLE_ID=123
AUTH_GOOGLE_SECRET=123
 
# Twitter
AUTH_TWITTER_ID=123
AUTH_TWITTER_SECRET=123
 
# Github
AUTH_GITHUB_ID=123
AUTH_GITHUB_SECRET=123

Then in your Auth.js configuration file, the provider array is simplified to this.

./auth.ts
import NextAuth from "next-auth"
import Google from "next-auth/providers/google"
import Twitter from "next-auth/providers/twitter"
import GitHub from "next-auth/providers/github"
 
export const { handlers, auth } = NextAuth({
  providers: [Google, Twitter, GitHub],
})

If for some reason you want to name the variables differently:

# Google
AUTH_WEBAPP_GOOGLE_CLIENT_ID=123
AUTH_WEBAPP_GOOGLE_CLIENT_SECRET=123

Then you will need to manually reference them in the config:

./auth.ts
import NextAuth from "next-auth"
import Google from "next-auth/providers/google"
 
export const { handlers, auth } = NextAuth({
  providers: [
    Google({
      clientId: process.env.AUTH_WEBAPP_GOOGLE_CLIENT_ID,
      clientSecret: process.env.AUTH_WEBAPP_GOOGLE_CLIENT_SECRET,
    }),
  ],
})
Auth.js © Balázs Orbán and Team - 2024