NextAuth.js + Auth0: offline_access breaks jwt decryption

For anyone struggling with something similar:

https://next-auth.js.org/configuration/options#secret

The default behaviour is volatile, and it is strongly recommended you explicitly specify a value [for the secret option]. If secret is omitted in production, an error is thrown.