Why AUTH_URL Is Required in Production for Next Auth (Auth.js v5)

Overview

When deploying an application using Next Auth (Auth.js v5) to a Docker container or production environment, the following error occurs with GitHub OAuth authentication if the AUTH_URL environment variable is not configured:

Be careful!
The redirect_uri is not associated with this application.

Development Environment vs Production Environment

Development Environment (`npm run dev`)

In the development environment, Next.js automatically detects host information, so configuring AUTH_URL is not required.

# This alone works
npm run dev

Production Environment (Docker / `npm run build && npm start`)

In the production environment, Next Auth cannot automatically detect host information, so configuring AUTH_URL is required.

# Add to .env.local or environment variables
AUTH_URL=http://localhost:3000  # or https://your-domain.com
AUTH_TRUST_HOST=true

Docker Configuration Examples

Using docker run

docker run -d --name myapp -p 3000:3000 \
  --env-file .env.local \
  -e AUTH_TRUST_HOST=true \
  myapp:latest

Using docker-compose.yml

services:
  app:
    image: myapp:latest
    ports:
      - "3000:3000"
    environment:
      - AUTH_URL=https://your-domain.com
      - AUTH_TRUST_HOST=true
    env_file:
      - .env.local

List of Required Environment Variables

Variable Name	Development Environment	Production Environment	Description
`AUTH_SECRET`	Required	Required	Session encryption key
`AUTH_GITHUB_ID`	Required	Required	GitHub OAuth Client ID
`AUTH_GITHUB_SECRET`	Required	Required	GitHub OAuth Client Secret
`AUTH_URL`	Not required	Required	Application base URL
`AUTH_TRUST_HOST`	Not required	Required	Configuration to trust the host

.env.local Example

# NextAuth.js Configuration
AUTH_SECRET=your-secret-key-here

# GitHub OAuth App Credentials
AUTH_GITHUB_ID=your-client-id
AUTH_GITHUB_SECRET=your-client-secret

# Production only (Docker / deployed environments)
AUTH_URL=http://localhost:3000

Why This Problem Occurs

Development environment: The Next.js development server can obtain accurate host information from request headers
Production environment: Inside a Docker container, it starts as 0.0.0.0:3000, so it does not know the actual URL when accessed from outside
OAuth mechanism: GitHub only allows redirects to URLs that exactly match the registered redirect_uri

Troubleshooting

Error: “redirect_uri is not associated with this application”

Cause: AUTH_URL is not configured, or it does not match the GitHub OAuth App’s Callback URL

Solution:

Configure AUTH_URL correctly
Set {AUTH_URL}/api/auth/callback/github as the “Authorization callback URL” in the GitHub OAuth App

Error: “UntrustedHost: Host must be trusted”

Cause: AUTH_TRUST_HOST is not configured

Solution: Add AUTH_TRUST_HOST=true to the environment variables

Reference Links

Created: 2026-01-27

Overview#

Development Environment vs Production Environment#

Development Environment (npm run dev)#

Production Environment (Docker / npm run build && npm start)#

Docker Configuration Examples#

Using docker run#

Using docker-compose.yml#

List of Required Environment Variables#

.env.local Example#

Why This Problem Occurs#

Troubleshooting#

Error: “redirect_uri is not associated with this application”#

Error: “UntrustedHost: Host must be trusted”#

Reference Links#