Configure Google OAuth, 2FA, reCAPTCHA, and security features
http://localhost:3000/api/auth/callback/google
https://yourdomain.com/api/auth/callback/google
Add both development and production URLs.
GOOGLE_CLIENT_ID="your-google-client-id.apps.googleusercontent.com"
GOOGLE_CLIENT_SECRET="your-google-client-secret"
Copy these values from your Google Cloud Console credentials.
NEXT_PUBLIC_2FA_STATUS="true"
Enable/disable the 2FA feature for users.
localhost # For development
yourdomain.com # Your production domain
NEXT_PUBLIC_RECAPTCHA_SITE_KEY="your-site-key"
RECAPTCHA_SECRET_KEY="your-secret-key"
The site key is public; the secret key must be kept secure.
NEXT_PUBLIC_RECAPTCHA_STATUS="true"
Enable/disable reCAPTCHA across the platform.
JWT_SECRET="your-super-secret-jwt-key-here"
Use a strong, random string. Consider using: openssl rand -base64 32
JWT_EXPIRES_IN="24h"
JWT_REFRESH_EXPIRES_IN="7d"
The access token expires in 24 hours, the refresh token in 7 days.
RATE_LIMIT_MAX="100"
RATE_LIMIT_WINDOW="900000"
100 requests per 15 minutes (900,000ms).
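An added example, not part of the original page or the product's code: a check that lints the variables configured above before the server is started. The function name `checkAuthEnv`, the 44-character minimum for `JWT_SECRET` and the accepted duration format (a number followed by s, m, h or d) are assumptions made for this illustration.

```javascript
// Added example: lint the auth variables from this page before starting the server.
// checkAuthEnv and its thresholds are illustrative assumptions, not project code.

// Convert "24h" / "7d" style durations to seconds; NaN if the format is not recognised.
function toSeconds(value) {
  const m = /^(\d+)([smhd])$/.exec(value || "");
  return m ? Number(m[1]) * { s: 1, m: 60, h: 3600, d: 86400 }[m[2]] : NaN;
}

function checkAuthEnv(env) {
  const problems = [];
  for (const name of ["GOOGLE_CLIENT_SECRET", "RECAPTCHA_SECRET_KEY", "JWT_SECRET"]) {
    const value = env[name] || "";
    if (!value) problems.push(`${name} is not set`);
    // Every sample value on this page starts with "your-".
    else if (value.startsWith("your-")) problems.push(`${name} is still a placeholder`);
    // Next.js inlines NEXT_PUBLIC_* variables into the browser bundle.
    if (env[`NEXT_PUBLIC_${name}`]) problems.push(`${name} is exposed via NEXT_PUBLIC_`);
  }

  // `openssl rand -base64 32` prints 44 characters; anything shorter is flagged.
  const jwt = env.JWT_SECRET || "";
  if (jwt && !jwt.startsWith("your-") && jwt.length < 44) {
    problems.push("JWT_SECRET is shorter than 44 characters");
  }

  const access = toSeconds(env.JWT_EXPIRES_IN);
  const refresh = toSeconds(env.JWT_REFRESH_EXPIRES_IN);
  if (Number.isNaN(access) || Number.isNaN(refresh)) {
    problems.push("JWT lifetimes must be a number followed by s, m, h or d");
  } else if (refresh <= access) {
    problems.push("JWT_REFRESH_EXPIRES_IN must be longer than JWT_EXPIRES_IN");
  }

  for (const name of ["RATE_LIMIT_MAX", "RATE_LIMIT_WINDOW"]) {
    if (!/^[1-9]\d*$/.test(env[name] || "")) problems.push(`${name} must be a positive integer`);
  }
  return problems;
}

// Constructed sample: the placeholder values exactly as printed on this page.
const PAGE_DEFAULTS = {
  GOOGLE_CLIENT_SECRET: "your-google-client-secret",
  RECAPTCHA_SECRET_KEY: "your-secret-key",
  JWT_SECRET: "your-super-secret-jwt-key-here",
  JWT_EXPIRES_IN: "24h", JWT_REFRESH_EXPIRES_IN: "7d",
  RATE_LIMIT_MAX: "100", RATE_LIMIT_WINDOW: "900000",
};
console.log(checkAuthEnv(PAGE_DEFAULTS));
```

Passing `process.env` instead of the sample object runs the same checks against the live configuration; an empty array means no problems were found.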
After configuring authentication settings, restart the development server:
Authentication changes require a server restart to take effect.
Press Ctrl + C in your terminal
pnpm dev
This will restart the server with your new authentication configuration.