JWT_SESSION_ERROR

[timowevel1]

It doesnt end....
Do you have any ideas? Already trying to get it running for 3 days and every time a new problem pops up...
Node Version: v16.16.0
message: 'decryption operation failed', stack: 'JWEDecryptionFailed: decryption operation failed\n' + ' at gcmDecrypt (/opt/cal.com/node_modules/jose/dist/node/cjs/runtime/decrypt.js:67:15)\n' + ' at decrypt (/opt/cal.com/node_modules/jose/dist/node/cjs/runtime/decrypt.js:92:20)\n' + ' at flattenedDecrypt (/opt/cal.com/node_modules/jose/dist/node/cjs/jwe/flattened/decrypt.js:119:52)\n' + ' at async compactDecrypt (/opt/cal.com/node_modules/jose/dist/node/cjs/jwe/compact/decrypt.js:18:23)\n' + ' at async jwtDecrypt (/opt/cal.com/node_modules/jose/dist/node/cjs/jwt/decrypt.js:8:23)\n' + ' at async Object.decode (/opt/cal.com/node_modules/next-auth/jwt/index.js:64:7)\n' + ' at async Object.session (/opt/cal.com/node_modules/next-auth/core/routes/session.js:41:28)\n' + ' at async NextAuthHandler (/opt/cal.com/node_modules/next-auth/core/index.js:135:27)\n' + ' at async NextAuthNextHandler (/opt/cal.com/node_modules/next-auth/next/index.js:23:19)\n' + ' at async /opt/cal.com/node_modules/next-auth/next/index.js:59:32\n' + ' at async Object.apiResolver (/opt/cal.com/node_modules/next/dist/server/api-utils/node.js:179:9)\n' + ' at async NextNodeServer.runApi (/opt/cal.com/node_modules/next/dist/server/next-server.js:381:9)\n' + ' at async Object.fn (/opt/cal.com/node_modules/next/dist/server/base-server.js:497:37)\n' + ' at async Router.execute (/opt/cal.com/node_modules/next/dist/server/router.js:213:36)\n' + ' at async NextNodeServer.run (/opt/cal.com/node_modules/next/dist/server/base-server.js:630:29)\n' + ' at async NextNodeServer.handleRequest (/opt/cal.com/node_modules/next/dist/server/base-server.js:317:20)', name: 'JWEDecryptionFailed' }

My conf:
`

********** INDEX **********

- LICENSE

- DATABASE

- SHARED

- NEXTAUTH

- E-MAIL SETTINGS

- LICENSE *************************************************************************************************

Set this value to 'agree' to accept our license:

LICENSE: https://github.com/calendso/calendso/blob/main/LICENSE

Summary of terms:

- The codebase has to stay open source, whether it was modified or not

- You can not repackage or sell the codebase

- Acquire a commercial license to remove these terms by visiting: cal.com/sales

NEXT_PUBLIC_LICENSE_CONSENT='agree'

To enable enterprise-only features, fill your license key in here.

@see https://console.cal.com

CALCOM_LICENSE_KEY=

***********************************************************************************************************

- DATABASE ************************************************************************************************

⚠️ ⚠️ ⚠️ DATABASE_URL got moved to packages/prisma/.env.example ⚠️ ⚠️ ⚠️

***********************************************************************************************************

BASE_URL='https://DOMAIN.com'

- SHARED **************************************************************************************************

NEXT_PUBLIC_APP_URL='https://DOMAIN.com'
NEXT_PUBLIC_WEBAPP_URL='https://DOMAIN.com'

Change to 'http://localhost:3001' if running the website simultaneously

#NEXT_PUBLIC_WEBSITE_URL='http://localhost:3000'
#NEXT_PUBLIC_CONSOLE_URL='http://localhost:3004'
#NEXT_PUBLIC_EMBED_LIB_URL='http://localhost:3000/embed/embed.js'
DATABASE_URL="postgresql://admin:admin@localhost:5432/caldb"

To enable SAML login, set both these variables

@see https://github.com/calcom/cal.com/tree/main/packages/ee#setting-up-saml-login

SAML_DATABASE_URL="postgresql://postgres:@localhost:5450/cal-saml"

SAML_DATABASE_URL=

SAML_ADMINS='[email protected]'

SAML_ADMINS=

If you use Heroku to deploy Postgres (or use self-signed certs for Postgres) then uncomment the follow line.

@see https://devcenter.heroku.com/articles/connecting-heroku-postgres#connecting-in-node-js

PGSSLMODE='no-verify'

PGSSLMODE=

- NEXTAUTH

@see: https://github.com/calendso/calendso/issues/263

@see: https://next-auth.js.org/configuration/options#nextauth_url

Required for Vercel hosting - set NEXTAUTH_URL to equal your NEXT_PUBLIC_WEBAPP_URL

NEXTAUTH_URL='http://localhost:3000'

NEXTAUTH_URL='https://DOMAIN.com'

@see: https://next-auth.js.org/configuration/options#nextauth_secret

You can use: openssl rand -base64 32 to generate one

NEXTAUTH_SECRET=Mdm0c3Dzs9u7HZk7SwM7SspBBa2Cwm5UQrBX3o5KOhM=

Used for cross-domain cookie authentication

NEXTAUTH_COOKIE_DOMAIN=.example.com

Set this to '1' if you don't want Cal to collect anonymous usage

CALCOM_TELEMETRY_DISABLED=

ApiKey for cronjobs

CRON_API_KEY='0cc0e6c35519bba620c9360cfe3e68d0'

Application Key for symmetric encryption and decryption

must be 32 bytes for AES256 encryption algorithm

You can use: openssl rand -base64 24 to generate one

CALENDSO_ENCRYPTION_KEY=H3Kxq1igYjrDSInLfSiF2h3tCgPSLKOS

Intercom Config

NEXT_PUBLIC_INTERCOM_APP_ID=

Zendesk Config

NEXT_PUBLIC_ZENDESK_KEY=

Help Scout Config

NEXT_PUBLIC_HELPSCOUT_KEY=

Inbox to send user feedback

SEND_FEEDBACK_EMAIL=

Sengrid

Used for email reminders in workflows

SENDGRID_API_KEY=
SENDGRID_EMAIL=

Twilio

Used to send SMS reminders in workflows

TWILIO_SID=
TWILIO_TOKEN=
TWILIO_MESSAGING_SID=

This is used so we can bypass emails in auth flows for E2E testing

Set it to "1" if you need to run E2E tests locally

NEXT_PUBLIC_IS_E2E=

Used for internal billing system

NEXT_PUBLIC_STRIPE_PRO_PLAN_PRICE=
NEXT_PUBLIC_STRIPE_PREMIUM_PLAN_PRICE=
NEXT_PUBLIC_STRIPE_FREE_PLAN_PRICE=
STRIPE_WEBHOOK_SECRET=
STRIPE_PRO_PLAN_PRODUCT_ID=
STRIPE_PREMIUM_PLAN_PRODUCT_ID=
STRIPE_FREE_PLAN_PRODUCT_ID=

Use for internal Public API Keys and optional

API_KEY_PREFIX=cal_

***********************************************************************************************************

- E-MAIL SETTINGS *****************************************************************************************

Cal uses nodemailer (@see https://nodemailer.com/about/) to provide email sending. As such we are trying to

allow access to the nodemailer transports from the .env file. E-mail templates are accessible within lib/emails/

Configures the global From: header whilst sending emails.

EMAIL_FROM='[email protected]'

Configure SMTP settings (@see https://nodemailer.com/smtp/).

Note: The below configuration for Office 365 has been verified to work.

EMAIL_SERVER_HOST='smtp.office365.com'
EMAIL_SERVER_PORT=587
EMAIL_SERVER_USER='<office365_emailAddress>'

Keep in mind that if you have 2FA enabled, you will need to provision an App Password.

EMAIL_SERVER_PASSWORD='<office365_password>'

The following configuration for Gmail has been verified to work.

EMAIL_SERVER_HOST='smtp.gmail.com'

EMAIL_SERVER_PORT=465

EMAIL_SERVER_USER='<gmail_emailAddress>'

You will need to provision an App Password.

@see https://support.google.com/accounts/answer/185833

EMAIL_SERVER_PASSWORD='<gmail_app_password>'

**********************************************************************************************************

Set the following value to true if you wish to enable Team Impersonation

NEXT_PUBLIC_TEAM_IMPERSONATION=false

`

[funsurfer2008]

Hy,

if you want to make a selfhosted envoirement feel free to contact me. I can help you to set it up in about 1 h.
All youss need is:

• Server with Debian 11
• Domain you want to use
• Maybe some informations from your wantet integrations

brgds

[dosubot[bot]]

The JWEDecryptionFailed error you're encountering typically indicates an issue with the decryption process, which can be caused by several factors. Here are some potential causes and solutions:

1. Incorrect CALENDSO_ENCRYPTION_KEY: Ensure that your CALENDSO_ENCRYPTION_KEY is exactly 32 bytes long, as required for AES256 encryption. You can generate a new key using the command openssl rand -base64 32 and update your environment variable accordingly ^[1].

2. Environment Variable Configuration: Double-check that all related environment variables, such as NEXTAUTH_SECRET and CALENDSO_ENCRYPTION_KEY, are correctly set and match the expected format. Any misconfiguration can lead to decryption failures ^[2].

3. Node Version Compatibility: While you are using Node v16.16.0, ensure that all dependencies are compatible with this version. Sometimes, upgrading or downgrading Node can resolve unexpected issues.

4. Library Issues: The error stack trace points to the jose library used for JWT decryption. Ensure that you have the latest version of this library, as updates may contain bug fixes or improvements.

5. Check for Similar Issues: There are similar discussions, such as this one, which might provide additional insights or solutions ^[3].

By addressing these areas, you should be able to resolve the decryption error. If the issue persists, consider reviewing the full stack trace and logs for any additional clues.

To continue talking to Dosu, mention @dosu.

Written by @dosu, approved by dosu-customer-success