NextAuth.js + Auth0: offline_access breaks jwt decryption
For anyone struggling with something similar:
https://next-auth.js.org/configuration/options#secret
The default behaviour is volatile, and it is strongly recommended you explicitly specify a value [for the secret option]. If secret is omitted in production, an error is thrown.