Auth0 generates JWT in local environment and JWE in production environment Next
Question
I am using Auth0 for authentication in my Next.js app with an Express.js API backend. Everything works fine in my local environment, but when I deploy my application to production, I encounter authentication issues.
When I request an access token from Auth0 in my local environment, I receive a JWT (JSON Web Token), which works as expected. However, when I request an access token from Auth0 in my production environment, I receive a JWE (JSON Web Encryption) token instead. This causes authentication problems, as my backend expects a JWT token.
I have double-checked my environment variables and Auth0 settings, but I cannot find the cause of this discrepancy. How can I ensure that Auth0 generates a JWT access token in both my local and production environments?
My jwt checking in the backend:
    const { auth } = require('express-oauth2-jwt-bearer');

    // Express middleware that validates the bearer access token
    const jwtCheck = auth({
      audience: process.env.AUTH0_AUDIENCE,
      issuerBaseURL: process.env.AUTH0_ISSUER_BASE_URL,
      tokenSigningAlg: 'RS256'
    });
My connection to auth0 in the front:
    import { initAuth0 } from '@auth0/nextjs-auth0';

    // Every value below is read from the environment when the server starts
    const auth0 = initAuth0({
      scope: 'openid profile email offline_access',
      audience: process.env.AUTH0_AUDIENCE,
      issuerBaseURL: process.env.AUTH0_ISSUER_BASE_URL,
      baseURL: process.env.AUTH0_BASE_URL,
      clientID: process.env.AUTH0_CLIENT_ID,
      clientSecret: process.env.AUTH0_CLIENT_SECRET,
      secret: process.env.AUTH0_SECRET
    });
Any help would be greatly appreciated.
Thanks
I've verified my env variables in both environments and everything seems fine (to me at least).
UPDATE:
I've noticed something interesting in my local env. I have replaced all my process.env in my initAuth0 with the actual values of my .env file. And I removed my .env file. The auth connection is made, but I receive a JWE instead of a JWT. This is my production issue.
    const auth0 = initAuth0({
      scope: 'openid profile email offline_access',
      audience: "***",
      issuerBaseURL: "***",
      baseURL: "http://localhost:3000",
      clientID: "***",
      clientSecret: "***",
      secret: "****"
    });
But if I add AUTH0_AUDIENCE="***" in my .env file and keep all the values in initAuth0 (without the process.env, just the actual values), I get the correct JWT and everything works. Again, I'm talking about locally.
It seems like when trying to retrieve the JWT with getAccessToken(), the AUTH0_AUDIENCE is automatically accessed and therefore needed by Auth0. Again this works locally but not in production.
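A diagnostic for the symptom described in the question, as an added example that is not part of the original post: it tells a compact JWS (three segments, the form the backend check expects) from a compact JWE (five segments with an `enc` header, per RFC 7516) and reports which of the environment variables the question's configuration reads are unset. The function names `classifyToken` and `missingAuthEnv` are hypothetical, and the sample tokens are constructed, not real Auth0 output.

```javascript
// Added example: classify an access token by its compact serialization.
function decodeSegment(segment) {
  return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
}

function classifyToken(token) {
  if (typeof token !== 'string' || token.length === 0) {
    return { kind: 'invalid', reason: 'empty or non-string token' };
  }
  const parts = token.split('.');
  let header;
  try {
    header = decodeSegment(parts[0]);
  } catch (err) {
    return { kind: 'opaque', reason: 'first segment is not base64url JSON' };
  }
  if (header === null || typeof header !== 'object') {
    return { kind: 'opaque', reason: 'header is not a JSON object' };
  }
  // JWE compact form: header.encrypted_key.iv.ciphertext.tag
  if (parts.length === 5 && typeof header.enc === 'string') {
    return { kind: 'JWE', alg: header.alg, enc: header.enc };
  }
  // JWS compact form: header.payload.signature
  if (parts.length === 3 && typeof header.alg === 'string') {
    return { kind: 'JWS', alg: header.alg };
  }
  return { kind: 'opaque', reason: `unexpected shape (${parts.length} segments)` };
}

// Names of required variables that are unset or blank in the given env object.
function missingAuthEnv(env, required = ['AUTH0_AUDIENCE', 'AUTH0_ISSUER_BASE_URL']) {
  return required.filter((name) => !env[name] || String(env[name]).trim() === '');
}

// Constructed sample tokens (placeholder signature and ciphertext bytes).
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sampleJws = [b64({ alg: 'RS256', typ: 'JWT' }),
  b64({ aud: 'https://api.example.test' }), 'c2ln'].join('.');
const sampleJwe = [b64({ alg: 'dir', enc: 'A256GCM' }), '', 'aXY', 'Y3Q', 'dGFn'].join('.');

console.log(classifyToken(sampleJws), classifyToken(sampleJwe));
console.log('missing:', missingAuthEnv(process.env));
```

Logging `classifyToken(accessToken).kind` and `missingAuthEnv(process.env)` on the server at startup in each environment shows whether the deployed build actually sees the audience value, without printing the token or any secret.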
Answer 1
Score: 0
In Next.js, because of security in the env file, if you want to get an env in the client you have to put NEXT_PUBLIC at the start of every env name, like this:
Instead of AUTH0_AUDIENCE you must use NEXT_PUBLIC_AUTH0_AUDIENCE.
Answer 2
Score: 0
Ok I've found out a way to fix this, I deployed my app to Vercel instead of AWS Amplify. I didn't change anything in the config and it worked.
I'm really curious if anyone has an idea on what I did wrong on AWS.