Discord: unexpected JWT "iss" (issuer) claim value

[jariz]

Provider type

Discord

Environment

  System:
    OS: macOS 15.0.1
    CPU: (10) arm64 Apple M1 Pro
    Memory: 336.41 MB / 16.00 GB
    Shell: 3.7.1 - /opt/homebrew/bin/fish
  Binaries:
    Node: 22.12.0 - ~/.volta/tools/image/node/22.12.0/bin/node
    npm: 10.9.0 - ~/.volta/tools/image/node/22.12.0/bin/npm
    pnpm: 9.15.2 - ~/.volta/bin/pnpm
    bun: 0.1.1 - ~/.bun/bin/bun
  Browsers:
    Chrome: 133.0.6943.127
    Edge: 133.0.3065.69
    Safari: 18.0.1
  npmPackages:
    @auth/unstorage-adapter: ^2.0.0 => 2.7.4
    next: latest => 15.1.7
    next-auth: beta => 5.0.0-beta.25
    react: ^18.2.0 => 18.3.1

Reproduction URL

https://github.com/jariz-forks/next-auth-discord-broken

Describe the issue

This is basically me attempting to re-open #12208 with a - frankly, needless - fork of next-auth-example that strips away everything but the discord provider because your bot is obsessed with reproduction urls.
This issue is as simple and reproducible as you can be because the discord provider is just plain broken right now, even in it's most basic form.

---

Following the Getting Started guide (with create-next-app@14), OAuth fails on callback with the following:

Server error
There is a problem with the server configuration.
Check the server logs for more information.

Server logs show

[auth][error] CallbackRouteError: Read more at https://errors.authjs.dev#callbackrouteerror
[auth][cause]: OperationProcessingError: unexpected JWT "iss" (issuer) claim value
[auth][details]: {
  "expected": "https://authjs.dev",
  "claims": {
    "iss": "https://discord.com",
    "aud": [
      "[REDACTED]"
    ],
    "iat": [REDACTED],
    "exp": [REDACTED],
    "auth_time": 1731163185,
    "at_hash": "[REDACTED]",
    "sub": "[REDACTED]"
  },
  "claim": "iss",
  "provider": "discord"
}
 GET /api/auth/callback/discord?code=[REDACTED] 302 in 687ms
 GET /api/auth/error?error=Configuration 500 in 9ms

I have http://localhost:3000/api/auth/callback/discord configured in the Discord Developer Portal as a redirect url, as per the guide instructions.

How to reproduce

• check out repo
• npx auth add discord and follow instructions
• click login

Expected behavior

Callback should not fail

[panva]

Are you asking for the openid scope? If so the issue is clear - ID Token is issued as a result of the scope and the Provider configuration doesn't have a issuer configuration. I believe the issuer value https://discord.com just needs to be added in the provider definition.

[jariz]

Thanks @panva, indeed adding the issuer completely fixes it:

    Discord({
      issuer: "https://discord.com",
    }),

I have opened a PR (#12694) to add this to the provider's config.