diff --git a/auth.ts b/auth.ts
index e40ee7767..59303f2c5 100644
--- a/auth.ts
+++ b/auth.ts
@@ -45,6 +45,7 @@ const customProvider = {
 } satisfies OIDCConfig<User>
 
 export const config = {
+  debug: env.NEXTAUTH_DEBUG,
   providers: [customProvider],
   redirectProxyUrl: env.NEXTAUTH_REDIRECT_PROXY_URL,
   trustHost: true,
diff --git a/env/server.ts b/env/server.ts
index b565ed448..6dd3df4f4 100644
--- a/env/server.ts
+++ b/env/server.ts
@@ -23,10 +23,20 @@ export const env = createEnv({
     CURITY_ISSUER_USER: z.string(),
     CYPRESS_BASE_URL: z.string().default("http://127.0.0.1:3000"),
     DESIGN_SYSTEM_ACCESS_TOKEN: z.string(),
+    // https://env.t3.gg/docs/recipes#booleans
+    NEXTAUTH_DEBUG: z
+      .string()
+      .refine((s) => s === "true" || s === "false")
+      .transform((s) => s === "true")
+      .default("false"),
     NEXTAUTH_REDIRECT_PROXY_URL: z.string().optional(),
     NEXTAUTH_SECRET: z.string(),
     NODE_ENV: z.enum(["development", "test", "production"]),
-    PRINT_QUERY: z.boolean().default(false),
+    PRINT_QUERY: z
+      .string()
+      .refine((s) => s === "true" || s === "false")
+      .transform((s) => s === "true")
+      .default("false"),
     REVALIDATE_SECRET: z.string(),
     SEAMLESS_LOGIN_DA: z.string(),
     SEAMLESS_LOGIN_DE: z.string(),
@@ -53,6 +63,7 @@ export const env = createEnv({
     CURITY_ISSUER_USER: process.env.CURITY_ISSUER_USER,
     CYPRESS_BASE_URL: process.env.CYPRESS_TEST_URL,
     DESIGN_SYSTEM_ACCESS_TOKEN: process.env.DESIGN_SYSTEM_ACCESS_TOKEN,
+    NEXTAUTH_DEBUG: process.env.NEXTAUTH_DEBUG,
     NEXTAUTH_REDIRECT_PROXY_URL: process.env.NEXTAUTH_REDIRECT_PROXY_URL,
     NEXTAUTH_SECRET: process.env.NEXTAUTH_SECRET,
     NODE_ENV: process.env.NODE_ENV,