@lobehub/chat 1.16.9 → 1.16.10

package/CHANGELOG.md

@@ -2,6 +2,39 @@
 
 # Changelog
 
+### [Version 1.16.10](https://github.com/lobehub/lobe-chat/compare/v1.16.9...v1.16.10)
+
+<sup>Released on **2024-09-12**</sup>
+
+#### ♻ Code Refactoring
+
+- **misc**: Support Environment Variable Inference For NextAuth.
+
+#### 🐛 Bug Fixes
+
+- **misc**: Qwen model param error.
+
+<br/>
+
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+
+#### Code refactoring
+
+- **misc**: Support Environment Variable Inference For NextAuth, closes [#3701](https://github.com/lobehub/lobe-chat/issues/3701) ([b956755](https://github.com/lobehub/lobe-chat/commit/b956755))
+
+#### What's fixed
+
+- **misc**: Qwen model param error, closes [#3902](https://github.com/lobehub/lobe-chat/issues/3902) ([c9f00e5](https://github.com/lobehub/lobe-chat/commit/c9f00e5))
+
+</details>
+
+<div align="right">
+
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+
+</div>
+
 ### [Version 1.16.9](https://github.com/lobehub/lobe-chat/compare/v1.16.8...v1.16.9)
 
 <sup>Released on **2024-09-12**</sup>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lobehub/chat",
-  "version": "1.16.9",
+  "version": "1.16.10",
   "description": "Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.",
   "keywords": [
     "framework",
@@ -102,7 +102,7 @@
     "@ant-design/icons": "^5.4.0",
     "@ant-design/pro-components": "^2.7.10",
     "@anthropic-ai/sdk": "^0.27.0",
-    "@auth/core": "0.28.0",
+    "@auth/core": "^0.34.2",
     "@aws-sdk/client-bedrock-runtime": "^3.637.0",
     "@aws-sdk/client-s3": "^3.637.0",
     "@aws-sdk/s3-request-presigner": "^3.637.0",
@@ -169,7 +169,7 @@
     "modern-screenshot": "^4.4.39",
     "nanoid": "^5.0.7",
     "next": "14.2.8",
-    "next-auth": "5.0.0-beta.15",
+    "next-auth": "beta",
     "next-sitemap": "^4.2.3",
     "numeral": "^2.0.6",
     "nuqs": "^1.17.8",

package/src/config/__tests__/auth.test.ts

@@ -0,0 +1,200 @@
+// @vitest-environment node
+import { beforeEach, describe, expect, it, vi } from 'vitest';
+
+import { getAuthConfig } from '../auth';
+
+// Stub the global process object to safely mock environment variables
+vi.stubGlobal('process', {
+  ...process, // Preserve the original process object
+  env: { ...process.env }, // Clone the environment variables object for modification
+});
+
+const spyConsoleWarn = vi.spyOn(console, 'warn');
+
+describe('getAuthConfig', () => {
+  beforeEach(() => {
+    // Clear all environment variables before each test
+    // @ts-expect-error
+    process.env = {};
+  });
+
+  // TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end
+  describe('should warn about deprecated environment variables', () => {
+    it('should warn about Auth0 deprecated environment variables', () => {
+      // Set all deprecated environment variables
+      process.env.AUTH0_CLIENT_ID = 'auth0_client_id';
+      process.env.AUTH0_CLIENT_SECRET = 'auth0_client_secret';
+      process.env.AUTH0_ISSUER = 'auth0_issuer';
+      // Call the function
+      getAuthConfig();
+
+      // Check that the spyConsoleWarn function was called for each deprecated environment variable
+      // Example: A warning meassage should incloud: `<Old Env> .* <New Env>`
+      // And the regex should match the warning message: `AUTH0_CLIENT_ID.*AUTH_AUTH0_ID`
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/AUTH0_CLIENT_ID.*AUTH_AUTH0_ID/),
+      );
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/AUTH0_CLIENT_SECRET.*AUTH_AUTH0_SECRET/),
+      );
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/AUTH0_ISSUER.*AUTH_AUTH0_ISSUER/),
+      );
+    });
+    it('should warn about Authentik deprecated environment variables', () => {
+      // Set all deprecated environment variables
+      process.env.AUTHENTIK_CLIENT_ID = 'authentik_client_id';
+      process.env.AUTHENTIK_CLIENT_SECRET = 'authentik_client_secret';
+      process.env.AUTHENTIK_ISSUER = 'authentik_issuer';
+
+      // Call the function
+      getAuthConfig();
+
+      // Check that the spyConsoleWarn function was called for each deprecated environment variable
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/AUTHENTIK_CLIENT_ID.*AUTH_AUTHENTIK_ID/),
+      );
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/AUTHENTIK_CLIENT_SECRET.*AUTH_AUTHENTIK_SECRET/),
+      );
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/AUTHENTIK_ISSUER.*AUTH_AUTHENTIK_ISSUER/),
+      );
+    });
+    it('should warn about Authelia deprecated environment variables', () => {
+      // Set all deprecated environment variables
+      process.env.AUTHELIA_CLIENT_ID = 'authelia_client_id';
+      process.env.AUTHELIA_CLIENT_SECRET = 'authelia_client_secret';
+      process.env.AUTHELIA_ISSUER = 'authelia_issuer';
+
+      // Call the function
+      getAuthConfig();
+
+      // Check that the spyConsoleWarn function was called for each deprecated environment variable
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/AUTHELIA_CLIENT_ID.*AUTH_AUTHELIA_ID/),
+      );
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/AUTHELIA_CLIENT_SECRET.*AUTH_AUTHELIA_SECRET/),
+      );
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/AUTHELIA_ISSUER.*AUTH_AUTHELIA_ISSUER/),
+      );
+    });
+    it('should warn about AzureAD deprecated environment variables', () => {
+      // Set all deprecated environment variables
+      process.env.AZURE_AD_CLIENT_ID = 'azure_ad_client_id';
+      process.env.AZURE_AD_CLIENT_SECRET = 'azure_ad_client_secret';
+      process.env.AZURE_AD_TENANT_ID = 'azure_ad_tenant_id';
+
+      // Call the function
+      getAuthConfig();
+
+      // Check that the spyConsoleWarn function was called for each deprecated environment variable
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/AZURE_AD_CLIENT_ID.*AUTH_AZURE_AD_ID/),
+      );
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/AZURE_AD_CLIENT_SECRET.*AUTH_AZURE_AD_SECRET/),
+      );
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/AZURE_AD_TENANT_ID.*AUTH_AZURE_AD_TENANT_ID/),
+      );
+    });
+    it('should warn about Cloudflare Zero Trust deprecated environment variables', () => {
+      // Set all deprecated environment variables
+      process.env.CLOUDFLARE_ZERO_TRUST_CLIENT_ID = 'cloudflare_zero_trust_client_id';
+      process.env.CLOUDFLARE_ZERO_TRUST_CLIENT_SECRET = 'cloudflare_zero_trust_client_secret';
+      process.env.CLOUDFLARE_ZERO_TRUST_ISSUER = 'cloudflare_zero_trust_issuer';
+
+      // Call the function
+      getAuthConfig();
+
+      // Check that the spyConsoleWarn function was called for each deprecated environment variable
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/CLOUDFLARE_ZERO_TRUST_CLIENT_ID.*AUTH_CLOUDFLARE_ZERO_TRUST_ID/),
+      );
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(
+          /CLOUDFLARE_ZERO_TRUST_CLIENT_SECRET.*AUTH_CLOUDFLARE_ZERO_TRUST_SECRET/,
+        ),
+      );
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/CLOUDFLARE_ZERO_TRUST_ISSUER.*AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER/),
+      );
+    });
+    it('should warn about Generic OIDC deprecated environment variables', () => {
+      // Set all deprecated environment variables
+      process.env.GENERIC_OIDC_CLIENT_ID = 'generic_oidc_client_id';
+      process.env.GENERIC_OIDC_CLIENT_SECRET = 'generic_oidc_client_secret';
+      process.env.GENERIC_OIDC_ISSUER = 'generic_oidc_issuer';
+      // Call the function
+      getAuthConfig();
+
+      // Check that the spyConsoleWarn function was called for each deprecated environment variable
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/GENERIC_OIDC_CLIENT_ID.*AUTH_GENERIC_OIDC_ID/),
+      );
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/GENERIC_OIDC_CLIENT_SECRET.*AUTH_GENERIC_OIDC_SECRET/),
+      );
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/GENERIC_OIDC_ISSUER.*AUTH_GENERIC_OIDC_ISSUER/),
+      );
+    });
+    it('should warn about GitHub deprecated environment variables', () => {
+      // Set all deprecated environment variables
+      process.env.GITHUB_CLIENT_ID = 'github_client_id';
+      process.env.GITHUB_CLIENT_SECRET = 'github_client_secret';
+      // Call the function
+      getAuthConfig();
+
+      // Check that the spyConsoleWarn function was called for each deprecated environment variable
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/GITHUB_CLIENT_ID.*AUTH_GITHUB_ID/),
+      );
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/GITHUB_CLIENT_SECRET.*AUTH_GITHUB_SECRET/),
+      );
+    });
+    it('should warn about Logto deprecated environment variables', () => {
+      // Set all deprecated environment variables
+      process.env.LOGTO_CLIENT_ID = 'logto_client_id';
+      process.env.LOGTO_CLIENT_SECRET = 'logto_client_secret';
+      process.env.LOGTO_ISSUER = 'logto_issuer';
+      // Call the function
+      getAuthConfig();
+
+      // Check that the spyConsoleWarn function was called for each deprecated environment variable
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/LOGTO_CLIENT_ID.*AUTH_LOGTO_ID/),
+      );
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/LOGTO_CLIENT_SECRET.*AUTH_LOGTO_SECRET/),
+      );
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/LOGTO_ISSUER.*AUTH_LOGTO_ISSUER/),
+      );
+    });
+    it('should warn about Zitadel deprecated environment variables', () => {
+      // Set all deprecated environment variables
+      process.env.ZITADEL_CLIENT_ID = 'zitadel_client_id';
+      process.env.ZITADEL_CLIENT_SECRET = 'zitadel_client_secret';
+      process.env.ZITADEL_ISSUER = 'zitadel_issuer';
+      // Call the function
+      getAuthConfig();
+
+      // Check that the spyConsoleWarn function was called for each deprecated environment variable
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/ZITADEL_CLIENT_ID.*AUTH_ZITADEL_ID/),
+      );
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/ZITADEL_CLIENT_SECRET.*AUTH_ZITADEL_SECRET/),
+      );
+      expect(spyConsoleWarn).toHaveBeenCalledWith(
+        expect.stringMatching(/ZITADEL_ISSUER.*AUTH_ZITADEL_ISSUER/),
+      );
+    });
+  });
+  // Remove end
+});

package/src/config/auth.ts

@@ -42,7 +42,102 @@ declare global {
   }
 }
 
+// TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end
+const removeTipsTemplate = (willBeRemoved: string, replaceOne: string) =>
+  `${willBeRemoved} will be removed in the future. Please set ${replaceOne} instead.`;
+// End
+
 export const getAuthConfig = () => {
+  // TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end
+  if (process.env.AUTH0_CLIENT_ID) {
+    console.warn(removeTipsTemplate('AUTH0_CLIENT_ID', 'AUTH_AUTH0_ID'));
+  }
+  if (process.env.AUTH0_CLIENT_SECRET) {
+    console.warn(removeTipsTemplate('AUTH0_CLIENT_SECRET', 'AUTH_AUTH0_SECRET'));
+  }
+  if (process.env.AUTH0_ISSUER) {
+    console.warn(removeTipsTemplate('AUTH0_ISSUER', 'AUTH_AUTH0_ISSUER'));
+  }
+  if (process.env.AUTHENTIK_CLIENT_ID) {
+    console.warn(removeTipsTemplate('AUTHENTIK_CLIENT_ID', 'AUTH_AUTHENTIK_ID'));
+  }
+  if (process.env.AUTHENTIK_CLIENT_SECRET) {
+    console.warn(removeTipsTemplate('AUTHENTIK_CLIENT_SECRET', 'AUTH_AUTHENTIK_SECRET'));
+  }
+  if (process.env.AUTHENTIK_ISSUER) {
+    console.warn(removeTipsTemplate('AUTHENTIK_ISSUER', 'AUTH_AUTHENTIK_ISSUER'));
+  }
+  if (process.env.AUTHELIA_CLIENT_ID) {
+    console.warn(removeTipsTemplate('AUTHELIA_CLIENT_ID', 'AUTH_AUTHELIA_ID'));
+  }
+  if (process.env.AUTHELIA_CLIENT_SECRET) {
+    console.warn(removeTipsTemplate('AUTHELIA_CLIENT_SECRET', 'AUTH_AUTHELIA_SECRET'));
+  }
+  if (process.env.AUTHELIA_ISSUER) {
+    console.warn(removeTipsTemplate('AUTHELIA_ISSUER', 'AUTH_AUTHELIA_ISSUER'));
+  }
+  if (process.env.AZURE_AD_CLIENT_ID) {
+    console.warn(removeTipsTemplate('AZURE_AD_CLIENT_ID', 'AUTH_AZURE_AD_ID'));
+  }
+  if (process.env.AZURE_AD_CLIENT_SECRET) {
+    console.warn(removeTipsTemplate('AZURE_AD_CLIENT_SECRET', 'AUTH_AZURE_AD_SECRET'));
+  }
+  if (process.env.AZURE_AD_TENANT_ID) {
+    console.warn(removeTipsTemplate('AZURE_AD_TENANT_ID', 'AUTH_AZURE_AD_TENANT_ID'));
+  }
+  if (process.env.CLOUDFLARE_ZERO_TRUST_CLIENT_ID) {
+    console.warn(
+      removeTipsTemplate('CLOUDFLARE_ZERO_TRUST_CLIENT_ID', 'AUTH_CLOUDFLARE_ZERO_TRUST_ID'),
+    );
+  }
+  if (process.env.CLOUDFLARE_ZERO_TRUST_CLIENT_SECRET) {
+    console.warn(
+      removeTipsTemplate(
+        'CLOUDFLARE_ZERO_TRUST_CLIENT_SECRET',
+        'AUTH_CLOUDFLARE_ZERO_TRUST_SECRET',
+      ),
+    );
+  }
+  if (process.env.CLOUDFLARE_ZERO_TRUST_ISSUER) {
+    console.warn(
+      removeTipsTemplate('CLOUDFLARE_ZERO_TRUST_ISSUER', 'AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER'),
+    );
+  }
+  if (process.env.GENERIC_OIDC_CLIENT_ID) {
+    console.warn(removeTipsTemplate('GENERIC_OIDC_CLIENT_ID', 'AUTH_GENERIC_OIDC_ID'));
+  }
+  if (process.env.GENERIC_OIDC_CLIENT_SECRET) {
+    console.warn(removeTipsTemplate('GENERIC_OIDC_CLIENT_SECRET', 'AUTH_GENERIC_OIDC_SECRET'));
+  }
+  if (process.env.GENERIC_OIDC_ISSUER) {
+    console.warn(removeTipsTemplate('GENERIC_OIDC_ISSUER', 'AUTH_GENERIC_OIDC_ISSUER'));
+  }
+  if (process.env.GITHUB_CLIENT_ID) {
+    console.warn(removeTipsTemplate('GITHUB_CLIENT_ID', 'AUTH_GITHUB_ID'));
+  }
+  if (process.env.GITHUB_CLIENT_SECRET) {
+    console.warn(removeTipsTemplate('GITHUB_CLIENT_SECRET', 'AUTH_GITHUB_SECRET'));
+  }
+  if (process.env.LOGTO_CLIENT_ID) {
+    console.warn(removeTipsTemplate('LOGTO_CLIENT_ID', 'AUTH_LOGTO_ID'));
+  }
+  if (process.env.LOGTO_CLIENT_SECRET) {
+    console.warn(removeTipsTemplate('LOGTO_CLIENT_SECRET', 'AUTH_LOGTO_SECRET'));
+  }
+  if (process.env.LOGTO_ISSUER) {
+    console.warn(removeTipsTemplate('LOGTO_ISSUER', 'AUTH_LOGTO_ISSUER'));
+  }
+  if (process.env.ZITADEL_CLIENT_ID) {
+    console.warn(removeTipsTemplate('ZITADEL_CLIENT_ID', 'AUTH_ZITADEL_ID'));
+  }
+  if (process.env.ZITADEL_CLIENT_SECRET) {
+    console.warn(removeTipsTemplate('ZITADEL_CLIENT_SECRET', 'AUTH_ZITADEL_SECRET'));
+  }
+  if (process.env.ZITADEL_ISSUER) {
+    console.warn(removeTipsTemplate('ZITADEL_ISSUER', 'AUTH_ZITADEL_ISSUER'));
+  }
+  // End
+
   return createEnv({
     client: {
       NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: z.string().optional(),
@@ -95,7 +190,7 @@ export const getAuthConfig = () => {
       GENERIC_OIDC_CLIENT_ID: z.string().optional(),
       GENERIC_OIDC_CLIENT_SECRET: z.string().optional(),
       GENERIC_OIDC_ISSUER: z.string().optional(),
-      
+
       // ZITADEL
       ZITADEL_CLIENT_ID: z.string().optional(),
       ZITADEL_CLIENT_SECRET: z.string().optional(),
@@ -152,7 +247,7 @@ export const getAuthConfig = () => {
       GENERIC_OIDC_CLIENT_ID: process.env.GENERIC_OIDC_CLIENT_ID,
       GENERIC_OIDC_CLIENT_SECRET: process.env.GENERIC_OIDC_CLIENT_SECRET,
       GENERIC_OIDC_ISSUER: process.env.GENERIC_OIDC_ISSUER,
-      
+
       // ZITADEL
       ZITADEL_CLIENT_ID: process.env.ZITADEL_CLIENT_ID,
       ZITADEL_CLIENT_SECRET: process.env.ZITADEL_CLIENT_SECRET,

package/src/libs/agent-runtime/qwen/index.test.ts

@@ -161,13 +161,11 @@ describe('LobeQwenAI', () => {
           vi.spyOn(instance['client'].chat.completions, 'create').mockResolvedValue(
             new ReadableStream() as any,
           );
-
           await instance.chat({
             messages: [{ content: 'Hello', role: 'user' }],
             model: 'qwen-turbo',
             temperature: temp,
           });
-
           expect(instance['client'].chat.completions.create).toHaveBeenCalledWith(
             expect.objectContaining({
               messages: expect.any(Array),
@@ -183,13 +181,11 @@ describe('LobeQwenAI', () => {
         vi.spyOn(instance['client'].chat.completions, 'create').mockResolvedValue(
           new ReadableStream() as any,
         );
-
         await instance.chat({
           messages: [{ content: 'Hello', role: 'user' }],
           model: 'qwen-turbo',
           temperature: 1.5,
         });
-
         expect(instance['client'].chat.completions.create).toHaveBeenCalledWith(
           expect.objectContaining({
             messages: expect.any(Array),
@@ -199,6 +195,26 @@ describe('LobeQwenAI', () => {
           expect.any(Object),
         );
       });
+
+      it('should set temperature to Float', async () => {
+        const createMock = vi.fn().mockResolvedValue(new ReadableStream() as any);
+        vi.spyOn(instance['client'].chat.completions, 'create').mockImplementation(createMock);
+        await instance.chat({
+          messages: [{ content: 'Hello', role: 'user' }],
+          model: 'qwen-turbo',
+          temperature: 1,
+        });
+        expect(instance['client'].chat.completions.create).toHaveBeenCalledWith(
+          expect.objectContaining({
+            messages: expect.any(Array),
+            model: 'qwen-turbo',
+            temperature: expect.any(Number),
+          }),
+          expect.any(Object),
+        );
+        const callArgs = createMock.mock.calls[0][0];
+        expect(Number.isInteger(callArgs.temperature)).toBe(false); // Temperature is always not an integer 
+      });
     });
 
     describe('Error', () => {

package/src/libs/agent-runtime/qwen/index.ts

@@ -111,7 +111,7 @@ export class LobeQwenAI implements LobeRuntimeAI {
       temperature: 
         temperature === 0 || temperature >= 2 
         ? undefined 
-        : temperature,
+        : (temperature === 1 ? 0.999 : temperature), // 'temperature' must be Float
       top_p: top_p && top_p >= 1 ? 0.999 : top_p,
     };
 

package/src/libs/next-auth/auth.config.ts

@@ -1,4 +1,5 @@
 import type { NextAuthConfig } from 'next-auth';
+import urlJoin from 'url-join';
 
 import { authEnv } from '@/config/auth';
 
@@ -40,6 +41,7 @@ export default {
     },
   },
   providers: initSSOProviders(),
+  redirectProxyUrl: process.env.APP_URL ? urlJoin(process.env.APP_URL, '/api/auth') : undefined,
   secret: authEnv.NEXT_AUTH_SECRET,
-  trustHost: true,
+  trustHost: process.env?.AUTH_TRUST_HOST ? process.env.AUTH_TRUST_HOST === 'true' : true,
 } satisfies NextAuthConfig;

package/src/libs/next-auth/sso-providers/auth0.ts

@@ -11,9 +11,11 @@ const provider = {
     // Specify auth scope, at least include 'openid email'
     // all scopes in Auth0 ref: https://auth0.com/docs/get-started/apis/scopes/openid-connect-scopes#standard-claims
     authorization: { params: { scope: 'openid email profile' } },
-    clientId: authEnv.AUTH0_CLIENT_ID,
-    clientSecret: authEnv.AUTH0_CLIENT_SECRET,
-    issuer: authEnv.AUTH0_ISSUER,
+    // TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end
+    clientId: authEnv.AUTH0_CLIENT_ID ?? process.env.AUTH_AUTH0_ID,
+    clientSecret: authEnv.AUTH0_CLIENT_SECRET ?? process.env.AUTH_AUTH0_SECRET,
+    issuer: authEnv.AUTH0_ISSUER ?? process.env.AUTH_AUTH0_ISSUER,
+    // Remove End
     profile(profile) {
       return {
         email: profile.email,

package/src/libs/next-auth/sso-providers/authelia.ts

@@ -6,11 +6,11 @@ import { CommonProviderConfig } from './sso.config';
 
 export type AutheliaProfile = {
   // The users display name
-  email: string; 
+  email: string;
   // The users email
-  groups: string[]; 
+  groups: string[];
   // The username the user used to login with
-  name: string; 
+  name: string;
   preferred_username: string; // The users groups
   sub: string; // The users id
 };
@@ -21,10 +21,10 @@ const provider = {
     ...CommonProviderConfig,
     authorization: { params: { scope: 'openid email profile' } },
     checks: ['state', 'pkce'],
-    clientId: authEnv.AUTHELIA_CLIENT_ID,
-    clientSecret: authEnv.AUTHELIA_CLIENT_SECRET,
+    clientId: authEnv.AUTHELIA_CLIENT_ID ?? process.env.AUTH_AUTHELIA_ID,
+    clientSecret: authEnv.AUTHELIA_CLIENT_SECRET ?? process.env.AUTH_AUTHELIA_SECRET,
     id: 'authelia',
-    issuer: authEnv.AUTHELIA_ISSUER,
+    issuer: authEnv.AUTHELIA_ISSUER ?? process.env.AUTH_AUTHELIA_ISSUER,
     name: 'Authelia',
     profile(profile) {
       return {

package/src/libs/next-auth/sso-providers/authentik.ts

@@ -11,9 +11,11 @@ const provider = {
     // Specify auth scope, at least include 'openid email'
     // all scopes in Authentik ref: https://goauthentik.io/docs/providers/oauth2
     authorization: { params: { scope: 'openid email profile' } },
-    clientId: authEnv.AUTHENTIK_CLIENT_ID,
-    clientSecret: authEnv.AUTHENTIK_CLIENT_SECRET,
-    issuer: authEnv.AUTHENTIK_ISSUER,
+    // TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end
+    clientId: authEnv.AUTHENTIK_CLIENT_ID ?? process.env.AUTH_AUTHENTIK_ID,
+    clientSecret: authEnv.AUTHENTIK_CLIENT_SECRET ?? process.env.AUTH_AUTHENTIK_SECRET,
+    issuer: authEnv.AUTHENTIK_ISSUER ?? process.env.AUTH_AUTHENTIK_ISSUER,
+    // Remove end
     // TODO(NextAuth): map unique user id to `providerAccountId` field
     //  profile(profile) {
     //   return {

package/src/libs/next-auth/sso-providers/azure-ad.ts

@@ -11,9 +11,11 @@ const provider = {
     // Specify auth scope, at least include 'openid email'
     // all scopes in Azure AD ref: https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes
     authorization: { params: { scope: 'openid email profile' } },
-    clientId: authEnv.AZURE_AD_CLIENT_ID,
-    clientSecret: authEnv.AZURE_AD_CLIENT_SECRET,
-    tenantId: authEnv.AZURE_AD_TENANT_ID,
+    // TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end
+    clientId: authEnv.AZURE_AD_CLIENT_ID ?? process.env.AUTH_AZURE_AD_ID,
+    clientSecret: authEnv.AZURE_AD_CLIENT_SECRET ?? process.env.AUTH_AZURE_AD_SECRET,
+    tenantId: authEnv.AZURE_AD_TENANT_ID ?? process.env.AUTH_AZURE_AD_TENANT_ID,
+    // Remove end
     // TODO(NextAuth): map unique user id to `providerAccountId` field
     // profile(profile) {
     //   return {

package/src/libs/next-auth/sso-providers/cloudflare-zero-trust.ts

@@ -16,10 +16,11 @@ const provider = {
     ...CommonProviderConfig,
     authorization: { params: { scope: 'openid email profile' } },
     checks: ['state', 'pkce'],
-    clientId: authEnv.CLOUDFLARE_ZERO_TRUST_CLIENT_ID,
-    clientSecret: authEnv.CLOUDFLARE_ZERO_TRUST_CLIENT_SECRET,
+    clientId: authEnv.CLOUDFLARE_ZERO_TRUST_CLIENT_ID ?? process.env.AUTH_CLOUDFLARE_ZERO_TRUST_ID,
+    clientSecret:
+      authEnv.CLOUDFLARE_ZERO_TRUST_CLIENT_SECRET ?? process.env.AUTH_CLOUDFLARE_ZERO_TRUST_SECRET,
     id: 'cloudflare-zero-trust',
-    issuer: authEnv.CLOUDFLARE_ZERO_TRUST_ISSUER,
+    issuer: authEnv.CLOUDFLARE_ZERO_TRUST_ISSUER ?? process.env.AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER,
     name: 'Cloudflare Zero Trust',
     profile(profile) {
       return {

package/src/libs/next-auth/sso-providers/generic-oidc.ts

@@ -19,10 +19,10 @@ const provider = {
     ...CommonProviderConfig,
     authorization: { params: { scope: 'email openid profile' } },
     checks: ['state', 'pkce'],
-    clientId: authEnv.GENERIC_OIDC_CLIENT_ID,
-    clientSecret: authEnv.GENERIC_OIDC_CLIENT_SECRET,
+    clientId: authEnv.GENERIC_OIDC_CLIENT_ID ?? process.env.AUTH_GENERIC_OIDC_ID,
+    clientSecret: authEnv.GENERIC_OIDC_CLIENT_SECRET ?? process.env.AUTH_GENERIC_OIDC_SECRET,
     id: 'generic-oidc',
-    issuer: authEnv.GENERIC_OIDC_ISSUER,
+    issuer: authEnv.GENERIC_OIDC_ISSUER ?? process.env.AUTH_GENERIC_OIDC_ISSUER,
     name: 'Generic OIDC',
     profile(profile) {
       return {

package/src/libs/next-auth/sso-providers/github.ts

@@ -10,8 +10,10 @@ const provider = {
     ...CommonProviderConfig,
     // Specify auth scope, at least include 'openid email'
     authorization: { params: { scope: 'read:user user:email' } },
-    clientId: authEnv.GITHUB_CLIENT_ID,
-    clientSecret: authEnv.GITHUB_CLIENT_SECRET,
+    // TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end
+    clientId: authEnv.GITHUB_CLIENT_ID ?? process.env.AUTH_GITHUB_ID,
+    clientSecret: authEnv.GITHUB_CLIENT_SECRET ?? process.env.AUTH_GITHUB_SECRET,
+    // Remove end
     profile: (profile) => {
       return {
         email: profile.email,

package/src/libs/next-auth/sso-providers/logto.ts

@@ -41,9 +41,9 @@ const provider = {
     },
     // You can get the issuer value from the Logto Application Details page,
     // in the field "Issuer endpoint"
-    clientId: authEnv.LOGTO_CLIENT_ID,
-    clientSecret: authEnv.LOGTO_CLIENT_SECRET,
-    issuer: authEnv.LOGTO_ISSUER,
+    clientId: authEnv.LOGTO_CLIENT_ID ?? process.env.AUTH_LOGTO_ID,
+    clientSecret: authEnv.LOGTO_CLIENT_SECRET ?? process.env.AUTH_LOGTO_SECRET,
+    issuer: authEnv.LOGTO_ISSUER ?? process.env.AUTH_LOGTO_ISSUER,
   }),
 };
 

package/src/libs/next-auth/sso-providers/zitadel.ts

@@ -7,9 +7,11 @@ const provider = {
   provider: Zitadel({
     // Available scopes in ZITADEL: https://zitadel.com/docs/apis/openidoauth/scopes
     authorization: { params: { scope: 'openid email profile' } },
-    clientId: authEnv.ZITADEL_CLIENT_ID,
-    clientSecret: authEnv.ZITADEL_CLIENT_SECRET,
-    issuer: authEnv.ZITADEL_ISSUER,
+    // TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end
+    clientId: authEnv.ZITADEL_CLIENT_ID ?? process.env.AUTH_ZITADEL_ID,
+    clientSecret: authEnv.ZITADEL_CLIENT_SECRET ?? process.env.AUTH_ZITADEL_SECRET,
+    issuer: authEnv.ZITADEL_ISSUER ?? process.env.AUTH_ZITADEL_ISSUER,
+    // Remove end
     // TODO(NextAuth): map unique user id to `providerAccountId` field
     // profile(profile) {
     //   return {