Auth.js v5 env / trusted host preflight

Check Auth.js env names before callback and host errors.

Paste env-name lines and callback notes. This local preflight checks AUTH_SECRET, AUTH_TRUST_HOST, legacy NEXTAUTH names, and host-boundary warnings without storing provider secrets.

Auth.js inputs

Names only

Deployment contextEnv names or linesCallback / host notes

Do not paste provider client secrets, OAuth tokens, session cookies, or real secret values. The report prints names and boundaries only.

Auth.js result

fail

Auth.js is missing required env names for this deployment shape.

Env names4

Missing1

Legacy0

Warnings1

fail

Missing expected names

AUTH_TRUST_HOST

warn

Boundary to review

Secret-like names were detected; keep values out of this page and copied reports.

Detected names

Env names

AUTH_SECRETAUTH_URLGITHUB_IDGITHUB_SECRET

Secret-like names

AUTH_SECRETAUTH_URLGITHUB_SECRET

Safe report

Auth.js v5 env / trusted host preflight
Status: fail
Summary: Auth.js is missing required env names for this deployment shape.

Detected env names: AUTH_SECRET, AUTH_URL, GITHUB_ID, GITHUB_SECRET
Missing expected names: AUTH_TRUST_HOST
Legacy NEXTAUTH_* names: none
Secret-like names: AUTH_SECRET, AUTH_URL, GITHUB_SECRET

Warnings:
- Secret-like names were detected; keep values out of this page and copied reports.

Checklist:
- Use AUTH_SECRET for Auth.js v5; rotate only through your approved secret store.
- Set AUTH_URL only when your deployment needs a stable canonical callback URL.
- Set AUTH_TRUST_HOST=true only when you understand the proxy/host-header boundary.
- Keep provider client secrets out of pasted snippets and copied reports.

Scope: static env-name and host-boundary check only. This report never includes env values, provider secrets, cookies, or OAuth credentials.