Minimum length of JWT secret

[WeersProductions]

In the readme of next-auth, a secret of length 64 is used:
https://next-auth.js.org/configuration/options#jwt :

You can generate a secret be using `openssl rand -base64 64`

The following documentation states that at least a secret with length 512 should be used:
https://github.com/auth0/java-jwt#hmac-key-length-and-security :

When using a Hash-based Message Authenticaton Code, e.g. HS256 or HS512, in order to comply with the strict requirements of the JSON Web Algorithms (JWA) specification (RFC7518), you must use a secret key which has the same (or larger) bit length as the size of the output hash.

I am still new to this, but I was wondering whether using a JWT secret of length 64 is safe?

[balazsorban44]

the value you set is being used to create the actual secret I'm not going to claim I'm the expert on this, but the provided secret is only being used as kind of a seed for the actual value. See the source code

https://github.com/nextauthjs/next-auth/blob/main/src/lib/jwt.js