I’m having persistent issues integrating @auth0/nextjs-auth0 (v4.4.2) with a Next.js 15 project (using the App Router). The main problem:
Calling getAccessToken() or getSession() in API routes, server actions, or server components throws:
TypeError: Failed to parse URL from /auth/access-token
The same error occurs when attempting to use these methods in client components (via fetch to an API route).
Auth0 setup (provider, env vars, etc.) appears correct and authentication redirects work, but retrieving the access token/session on the server side is broken.
Wrapping components in <Suspense> or using the recommended UserProvider does not help.
I am using Turbopack (next dev --turbopack), but the problem persists even without it.
Installing the suggested peer dependency @edge-runtime/cookies does not resolve the issue.
What I’ve tried:
Creating a dedicated API route to call and log getAccessToken().
Using both server and client components to fetch the access token/session.
Ensuring correct Auth0 configuration and session setup.
Versions:
next: 15.3.0
@auth0/nextjs-auth0: 4.4.2
Request:
Is there a known compatibility issue between Auth0’s SDK and Next.js 15 App Router? Are there any workarounds or recommended approaches to retrieve the access token/session in this setup? Any help or guidance would be appreciated!
Let me know if you want to add more details or clarify anything further!
NOTE: All other features (Login/Signup/Signout and profile ) work fine just the route:
/auth/access-token does not in Nextjs App router.
Calling this const accessToken = await fetchAccesstoken(); console.log('sample',accessToken)
Always returns a JWE token, It seems, I’m not allowed to pass the AUTH0_AUDIENCE param when calling getAccessToken in ver.4.x + of next.auth0
I’ve also tried the same by cloning the provided example project:
and applying my .env variables but this also still results the same issue.
Am I missing something here? perhaps in the auth0.dashboard?
I’ve also authorised the app from the API settings (machine to machine applications) and also ensured that the option to pass JWE Encrypting the signed access_token issued for this API is ‘Disabled’
But its still passing a JWE token instead of a JWT. (Which is not possible for me to handle in the Backend)
I looked into the same forum post earlier.
The newer version of “@auth0/nextjs-auth0”: “4.2.2” supports app router for Next.js.
The solution you referenced fixes the issue where an opaque access token is returned because the right audience or scope was not passed in as parameters (which works for pages router). However, for Next.js app router (or at least the newer version 4.x+), it does not allow passing the audience or scope env directly to auth0.getAccessToken().
Which likely causes the issue. I’ve also noted that in the latest versions of @auth0/nextjs-auth0 (v4+), the SDK expects the audience and scope to be set globally during Auth0 client initialization, not per-request as in earlier versions.
import { Auth0Client } from "@auth0/nextjs-auth0/server";
// Initialize the Auth0 client
export const auth0 = new Auth0Client({
// Options are loaded from environment variables by default
// Ensure necessary environment variables are properly set
// domain: process.env.AUTH0_DOMAIN,
// clientId: process.env.AUTH0_CLIENT_ID,
// clientSecret: process.env.AUTH0_CLIENT_SECRET,
// appBaseUrl: process.env.APP_BASE_URL,
// secret: process.env.AUTH0_SECRET,
authorizationParameters: {
// In v4, the AUTH0_SCOPE and AUTH0_AUDIENCE environment variables are no longer automatically picked up by the SDK.
// Instead, we need to provide the values explicitly.
scope: process.env.AUTH0_SCOPE,
audience: process.env.AUTH0_AUDIENCE,
}
});
Not sure how to proceed from here..
Please let me know if you want me to add more details or clarify anything further!