Problem on Heroku - "jwtSecret ('JWT_SECRET')" by overwrite "plugin-users-permissions" 🫤

System Information
  • Strapi Version: 4.21.1
  • Operating System: Heroku
  • Database: PostgreSQL
  • Node Version: 18.20.0
  • NPM Version: >=6.0.0

Hello guys,

I have a small issue here… :face_with_diagonal_mouth:

To override “plugin-users-permissions”, I just copied the entire folder and renamed it to “users-permissions” for testing purposes. I haven’t made any changes to anything inside it, and I can debug everything in the folder without any problems. It runs perfectly fine on my local machine.

However, when I try to deploy the project on Heroku, it throws an error! (please see the screenshot)

If I add ‘jwtSecret’ in the ‘plugin.js’ file, it still doesn’t work.

What can I do? I need your help!

Many thanks in advance!

Originally I modified the “auth.js” and “user.js” and added a few new “middlewares”. When I still had Strapi v3, it worked so easily, but with Strapi v4 I would like to use these files and this structure even further.


Hello guys,

in the meantime, I’ve managed a lot myself, and I’ve also bound the files using “strapi-server.js”. Now I just have to overwrite the two files “auth.js” and “user.js” (in “controllers”).


Can someone give me a tip?

Thanks in advance!

P.S. “I have asked a question about this. If it can be resolved, then this issue will also be resolved.”