
Conversation

@frederikprijck
Member

@frederikprijck frederikprijck commented Jan 13, 2026

📋 Changes

When the SDK cannot decrypt the cookie, which typically happens because of a change in secret, the middleware just blows up:

⨯ JWEDecryptionFailed: decryption operation failed
    at async middleware (middleware.ts:6:9)
  4 |
  5 | export async function middleware(request: NextRequest) {
> 6 |   return await auth0.middleware(request);
    |         ^
  7 | }
  8 |

Instead, we should handle this in the same way we handle an expired JWE, and ignore it.

After this PR, instead of an unhandled decryption error being thrown from the middleware, the cookie will be ignored and no session data will be available. The user can re-login to resolve. Alternatively, if the secret would have been accidentally changed, updating that again would restore the previous session (assuming the user did not re-login with the different secret).

📎 References

N/A

🎯 Testing

To test this:

  • git clone https://github.com/auth0/nextjs-auth0
  • cd nextjs-auth0
  • pnpm i
  • cd examples/with-shadcn
  • Fill in .env as per .env.example
  • pnpm i
  • pnpm run dev

Then log in, change the secret inside .env after logging in, refresh the page and see the middleware throw an error.

To test this fix, use the same steps, but ensure you use the local version of the SDK by using:

  • pnpm pack (in the root)
  • cd examples/with-shadcn
  • pnpm remove @auth0/nextjs-auth0
  • pnpm add ../path/to/tgz

In this case, upon refreshing the page after changing the secret, we should see no error. Instead the user is considered not logged in.

@frederikprijck frederikprijck requested a review from a team as a code owner January 13, 2026 10:18
@codecov-commenter

codecov-commenter commented Jan 13, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.18%. Comparing base (f7bc06e) to head (2bf9505).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2487   +/-   ##
=======================================
  Coverage   91.18%   91.18%           
=======================================
  Files          39       39           
  Lines        4694     4697    +3     
  Branches      980      980           
=======================================
+ Hits         4280     4283    +3     
  Misses        408      408           
  Partials        6        6           


@frederikprijck frederikprijck force-pushed the chore/handle-invalid-jwe branch from c7e9264 to 2bf9505 Compare January 13, 2026 11:37
Contributor

@nicogarcia nicogarcia left a comment


Tested and works perfectly for me 🙌
