Skip to main content
Version: v4


This is a list of warning output from NextAuth.js.

All warnings indicate things which you should take a look at, but do not inhibit normal operation.



Environment variable NEXTAUTH_URL missing. Please set it in your .env file.


On Vercel deployments, we will read the VERCEL_URL environment variable, so you won't need to define NEXTAUTH_URL.


These warnings are displayed on the terminal.


In development, we generate a secret based on your configuration for convenience. This is volatile and will throw an error in production. Read more


Twitter OAuth 2.0 is currently in beta as certain changes might still be necessary. This is not covered by semver. See the docs


Some APIs are still experimental; they may be changed or removed in the future. Use at your own risk.


You have enabled the debug option. It is meant for development only, to help you catch issues in your authentication flow and you should consider removing this option when deploying to production. One way of only allowing debugging while not in production is to set debug: process.env.NODE_ENV !== "production", so you can commit this without needing to change the value.

If you want to log debug messages during production anyway, we recommend setting the logger option with proper sanitization of potentially sensitive user information.



This warning occurs when typeorm finds that the provided entities differ from the database entities. By default while not in production the typeorm adapter will always synchronize changes made to the entities codefiles.

Disable this warning by setting synchronize: false in your typeorm config


adapter: TypeORMLegacyAdapter({
type: 'mysql',
username: process.env.DATABASE_USERNAME,
password: process.env.DATABASE_PASSWORD,
host: process.env.DATABASE_HOST,
database: process.env.DATABASE_DB,
synchronize: false