Apple Provider - Cannot generate signed JWT in new AuthJS v5

[Tigatok]

So I am migrating from NextAuth v4 to v5. I have Apple, Google, and magic link providers. Google and ML work fine. Apple, however, requires that we provide a signed JWT. The docs and examples have always just shown a 'static' JWT, but in the event it expires, your app may no longer work. To solve this, we can sign our own JWT's. It seems however that due to some of the changes in v5, it no longer allows for this to happen. So I am trying to figure out how to best accomplish this now.

const providers: Provider[] = [
...
  Apple({
    clientId: String(process.env.APPLE_CLIENT_ID),
    clientSecret: getAppleToken(), // Type Promise<any> is not assignable to type 'string'
    allowDangerousEmailAccountLinking: true,
  }),
]

But I can't async await that due to no top level async await

Here is my getAppleToken function:

const getAppleToken = async () => {
  const appleTeamId = String(process.env.APPLE_TEAM_ID)
  const appleClientKey = String(process.env.APPLE_CLIENT_KEY)
  const appleClientId = String(process.env.APPLE_CLIENT_ID)
  const applePrivateKey = String(process.env.APPLE_PRIVATE_KEY).replace(
    /\\n/g,
    '\n'
  )

  const appleToken = await new SignJWT({})
    .setAudience('https://appleid.apple.com')
    // Team id /ISS
    .setIssuer(appleTeamId)
    // When the JWT was issued
    .setIssuedAt(new Date().getTime() / 1000)
    .setExpirationTime(new Date().getTime() / 1000 + 3600 * 2)
    // Our domain / sub
    .setSubject(appleClientId)
    .setProtectedHeader({
      alg: 'ES256',
      // Key id / kid
      kid: appleClientKey,
    })
    // Sign the token with our private key
    .sign(createPrivateKey(applePrivateKey))
  return appleToken
}

Any thoughts?

I deploy this on Vercel, so ideally works with serverless functionality.

[hjhjdev]

Create another NextAuth instance with empty provider array worked for me.

[danielpl10]

@Tigatok Hi, I know that is not related to the post, but do you have working apple provider only with client id and client secret? if not can you provide your working apple configuration? I will appreciate your help