NextJS middleware with RDS + Vercel OIDC not working

There was a similar issue: Problems with GCP, AXIOS, OIDC and x-vercel-oidc-token, and it wasn’t answered correctly.

We were using better-auth with the NextJS middleware configuration: Next.js integration | Better Auth (using the runtime node option).
But the middleware refuses to run, with the error - Error: The ‘x-vercel-oidc-token’ header is missing from the request. Do you have the OIDC option enabled in the Vercel project settings?

As we’re using Prisma and AWS RDS, we want to make sure it connects without any problem and securely, so we decided to use Vercel OIDC + RDS Signer.
As a result, it keeps refusing requests and throwing errors when I access a certain page that I defined in the middleware, in Vercel deployments.
(Only in middleware; server actions and SSR were working correctly without problems in the same setting.)
Using the API call method described for NextJS 15.1.7 and below works, but it is painfully slow, as the middleware itself makes multiple calls to the server.

Seems like the middleware doesn’t have the correct env or header? At least it’s Next’s problem or Vercel’s problem.

Current: Refuses to run middleware so verification fails
Expected: runs without error

// middleware.ts
import { NextRequest, NextResponse } from "next/server";
import { headers } from "next/headers";
import { auth } from "@/lib/auth";
 
export async function middleware(request: NextRequest) {
    const session = await auth.api.getSession({ // This call communicates with RDS through Prisma + RDS Signer
        headers: await headers()
    })
 
    if(!session) {
        return NextResponse.redirect(new URL("/sign-in", request.url));
    }
 
    return NextResponse.next();
}
 
export const config = {
  runtime: "nodejs",
  matcher: ["/dashboard"], // Apply middleware to specific routes
};
// DB configuration

import { awsCredentialsProvider as vercelAwsCredentialsProvider } from "@vercel/oidc-aws-credentials-provider";
import { PrismaPg } from "@prisma/adapter-pg";
import { PrismaClient } from "../generated/client";
import { Signer } from "@aws-sdk/rds-signer";

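// rejectUnauthorized: false turns off TLS certificate verification for the
// RDS connection, so the server's identity is not checked before the IAM
// auth token is sent as the password.
const defaultSslConfig = {
  rejectUnauthorized: false,
};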

...

    const signer = new Signer({
      credentials:
        IS_VERCEL && config.roleArn
          ? vercelAwsCredentialsProvider({
              roleArn: config.roleArn,
            })
          : undefined, // Use the default credentials in AWS environments
      region: config.region,
      port: parseInt(config.port, 10),
      hostname: config.hostname,
      username: config.username,
    });


...

      const adapter = new PrismaPg({
        host: parsedDbUrl.hostname,
        port: parseInt(parsedDbUrl.port, 10),
        database: parsedDbUrl.database,
        user: parsedDbUrl.username,
        password: async () => {
          const token = await signer.getAuthToken();
          return token;
        },
        ssl: defaultSslConfig,
      });

      return new PrismaClient({ adapter });

NextJS 15.5, BetterAuth 1.3.5, “@vercel/oidc-aws-credentials-provider”: ^2.0.2, Prisma 6.13.0

So this may be related to: Allow runtime environment variables in middleware · vercel/next.js · Discussion #36338 · GitHub and Inconsistency with environment variables in middleware · vercel/next.js · Discussion #39705 · GitHub
If Vercel OIDC can’t get it from the header, it will fall back to the ENV method, but env is also blocked in middleware.
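To narrow down the failure described above, a small diagnostic can report where an OIDC token would come from for a given request (the `x-vercel-oidc-token` header, an environment variable, or nowhere) and whether it has expired, without logging the token itself. This is an added example, not code from the post, Vercel or Next.js; `VERCEL_OIDC_TOKEN` is assumed to be the ENV fallback mentioned above, and `inspectOidcToken`, `decodeJwtPayload` and `makeSampleToken` are hypothetical helpers.

```typescript
// Added diagnostic; helper names are hypothetical, not Vercel or Next.js APIs.
type HeaderReader = { get(name: string): string | null };
type Env = { [key: string]: string | undefined };

interface OidcTokenReport {
  source: "header" | "env" | "missing";
  expired: boolean | null; // null: no token, or payload unreadable
  claims: { iss?: string; sub?: string; aud?: string; exp?: number } | null;
}

// Decode the JWT payload WITHOUT verifying the signature (diagnostics only).
function decodeJwtPayload(token: string): any {
  const seg = token.split(".")[1];
  if (!seg) return null;
  // base64url -> base64, then restore the stripped padding
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/");
  try {
    return JSON.parse(atob(b64 + "===".slice((b64.length + 3) % 4)));
  } catch {
    return null;
  }
}

function inspectOidcToken(
  headers: HeaderReader,
  env: Env,
  nowSec: number
): OidcTokenReport {
  const fromHeader = headers.get("x-vercel-oidc-token");
  // Assumption: VERCEL_OIDC_TOKEN is the ENV fallback the post refers to.
  const token = fromHeader || env.VERCEL_OIDC_TOKEN;
  if (!token) return { source: "missing", expired: null, claims: null };
  const p = decodeJwtPayload(token);
  return {
    source: fromHeader ? "header" : "env",
    expired: p && typeof p.exp === "number" ? p.exp <= nowSec : null,
    // Report identifying claims only; the raw token is a bearer credential.
    claims: p ? { iss: p.iss, sub: p.sub, aud: p.aud, exp: p.exp } : null,
  };
}

// Constructed sample token (unsigned, placeholder claims) for offline runs.
function makeSampleToken(claims: object): string {
  const enc = (o: object) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none" })}.${enc(claims)}.sig`;
}
```

In middleware this could be called as `inspectOidcToken(request.headers, process.env, Math.floor(Date.now() / 1000))` and the returned report logged.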
