ConfigParameters: DeepPartial<NextConfig>

Configuration properties.

The Server part of the SDK can be configured in 2 ways.

1. Environment Variables

The simplest way to use the SDK is to use the named exports (HandleAuth, HandleLogin, HandleLogout, HandleCallback, HandleProfile, GetSession, GetAccessToken, WithApiAuthRequired, and WithPageAuthRequired).

// pages/api/auth/[auth0].js
import { handleAuth } from '@auth0/nextjs-auth0';

return handleAuth();

When you use these named exports, an instance of the SDK is created for you which you can configure using environment variables:


  • AUTH0_SECRET: See BaseConfig.secret.
  • AUTH0_ISSUER_BASE_URL: See BaseConfig.issuerBaseURL.
  • AUTH0_BASE_URL: See BaseConfig.baseURL.
  • AUTH0_CLIENT_ID: See BaseConfig.clientID.
  • AUTH0_CLIENT_SECRET: See BaseConfig.clientSecret.


  • AUTH0_CLOCK_TOLERANCE: See BaseConfig.clockTolerance.
  • AUTH0_HTTP_TIMEOUT: See BaseConfig.httpTimeout.
  • AUTH0_ENABLE_TELEMETRY: See BaseConfig.enableTelemetry.
  • AUTH0_IDP_LOGOUT: See BaseConfig.idpLogout.
  • AUTH0_ID_TOKEN_SIGNING_ALG: See BaseConfig.idTokenSigningAlg.
  • AUTH0_LEGACY_SAME_SITE_COOKIE: See BaseConfig.legacySameSiteCookie.
  • AUTH0_IDENTITY_CLAIM_FILTER: See BaseConfig.identityClaimFilter.
  • AUTH0_PUSHED_AUTHORIZATION_REQUESTS See BaseConfig.pushedAuthorizationRequests.
  • NEXT_PUBLIC_AUTH0_LOGIN: See NextConfig.routes.
  • AUTH0_CALLBACK: See BaseConfig.routes.
  • AUTH0_POST_LOGOUT_REDIRECT: See BaseConfig.routes.
  • AUTH0_AUDIENCE: See BaseConfig.authorizationParams.
  • AUTH0_SCOPE: See BaseConfig.authorizationParams.
  • AUTH0_ORGANIZATION: See NextConfig.organization.
  • AUTH0_SESSION_ROLLING: See SessionConfig.rolling.
  • AUTH0_SESSION_ROLLING_DURATION: See SessionConfig.rollingDuration.
  • AUTH0_SESSION_ABSOLUTE_DURATION: See SessionConfig.absoluteDuration.
  • AUTH0_SESSION_AUTO_SAVE: See SessionConfig.autoSave.
  • AUTH0_COOKIE_DOMAIN: See CookieConfig.domain.
  • AUTH0_COOKIE_PATH: See CookieConfig.path.
  • AUTH0_COOKIE_TRANSIENT: See CookieConfig.transient.
  • AUTH0_COOKIE_HTTP_ONLY: See CookieConfig.httpOnly.
  • AUTH0_COOKIE_SAME_SITE: See CookieConfig.sameSite.
  • AUTH0_CLIENT_ASSERTION_SIGNING_KEY: See BaseConfig.clientAssertionSigningKey
  • AUTH0_CLIENT_ASSERTION_SIGNING_ALG: See BaseConfig.clientAssertionSigningAlg
  • AUTH0_TRANSACTION_COOKIE_NAME See BaseConfig.transactionCookie
  • AUTH0_TRANSACTION_COOKIE_DOMAIN See BaseConfig.transactionCookie
  • AUTH0_TRANSACTION_COOKIE_PATH See BaseConfig.transactionCookie
  • AUTH0_TRANSACTION_COOKIE_SAME_SITE See BaseConfig.transactionCookie
  • AUTH0_TRANSACTION_COOKIE_SECURE See BaseConfig.transactionCookie

2. Create your own instance using InitAuth0

If you don't want to configure the SDK with environment variables or you want more fine grained control over the instance, you can create an instance yourself and use the handlers and helpers from that.

First, export your configured instance from another module:

// utils/auth0.js
import { initAuth0 } from '@auth0/nextjs-auth0';

export default initAuth0({ ...ConfigParameters... });

Then import it into your route handler:

// pages/api/auth/[auth0].js
import auth0 from '../../../../utils/auth0';

export default auth0.handleAuth();

IMPORTANT If you use InitAuth0, you should not use the other named exports as they will use a different instance of the SDK. Also note - this is for the server side part of the SDK - you will always use named exports for the front end components: UserProvider, UseUser and the front end version of WithPageAuthRequired