diff --git a/src/app/api/auth/github/callback/route.ts b/src/app/api/auth/github/callback/route.ts
index e62316c..394df77 100644
--- a/src/app/api/auth/github/callback/route.ts
+++ b/src/app/api/auth/github/callback/route.ts
@@ -27,8 +27,8 @@ function err(req: NextRequest, code: string): NextResponse {
 }
 
 export async function GET(req: NextRequest) {
-  const clientId = process.env.GITHUB_OAUTH_CLIENT_ID;
-  const clientSecret = process.env.GITHUB_OAUTH_CLIENT_SECRET;
+  const clientId = process.env.GITHUB_OAUTH_CLIENT_ID?.trim();
+  const clientSecret = process.env.GITHUB_OAUTH_CLIENT_SECRET?.trim();
   if (!clientId || !clientSecret) return err(req, 'oauth_not_configured');
 
   const code = req.nextUrl.searchParams.get('code');
diff --git a/src/app/api/auth/github/login/route.ts b/src/app/api/auth/github/login/route.ts
index 288aa81..5dc7707 100644
--- a/src/app/api/auth/github/login/route.ts
+++ b/src/app/api/auth/github/login/route.ts
@@ -11,7 +11,7 @@ const NEXT_COOKIE = 'gh_oauth_next';
 const STATE_MAX_AGE_SEC = 600; // 10 min — plenty for the round-trip
 
 export async function GET(req: NextRequest) {
-  const clientId = process.env.GITHUB_OAUTH_CLIENT_ID;
+  const clientId = process.env.GITHUB_OAUTH_CLIENT_ID?.trim();
   if (!clientId) {
     return NextResponse.json({ error: 'GITHUB_OAUTH_CLIENT_ID not set' }, { status: 500 });
   }