I think it’s because you’re using the development link
NEXTAUTH_URL="http://localhost:3000" in production. Instead, use the live link
NEXTAUTH_URL="yourwebsite.com" in production.
Also, instead of doing an if-statement to check whether you’re in development or in production, have 2
.env files – one locally with the localhost url, and the one on live with the live url. This can help you better diagnose issues.
More so, check to confirm that your env variables are actually accessible in your app.