search

asgardeo / asgardeo-auth-react-sdk

To maintain the implementation of Asgardeo React authentication SDK
Apache License 2.0
40 stars 91 forks source link

Causes an error with Node LTS 18.12.1 - Error: error:0308010C:digital envelope routines::unsupported #152

Closed UpekshaGalappaththi closed 1 year ago

UpekshaGalappaththi commented 2 years ago

Describe the issue: Running the sample project with Node LTS 18.12.1 the below error will be triggered.

node:internal/crypto/hash:71
  this[kHandle] = new _Hash(algorithm, xofLen);
                  ^

Error: error:0308010C:digital envelope routines::unsupported
    at new Hash (node:internal/crypto/hash:71:19)
    at Object.createHash (node:crypto:133:10)
    at module.exports (/Users/../asgardeo-react-app/node_modules/webpack/lib/util/createHash.js:135:53)
    at NormalModule._initBuildHash (/Users/../asgardeo-react-app/node_modules/webpack/lib/NormalModule.js:417:16)
    at handleParseError (/Users/../asgardeo-react-app/node_modules/webpack/lib/NormalModule.js:471:10)
    at /Users/../asgardeo-react-app/node_modules/webpack/lib/NormalModule.js:503:5
    at /Users/../asgardeo-react-app/node_modules/webpack/lib/NormalModule.js:358:12
    at /Users/../asgardeo-react-app/node_modules/loader-runner/lib/LoaderRunner.js:373:3
    at iterateNormalLoaders (/Users/../asgardeo-react-app/node_modules/loader-runner/lib/LoaderRunner.js:214:10)
    at iterateNormalLoaders (/Users/../asgardeo-react-app/node_modules/loader-runner/lib/LoaderRunner.js:221:10) {
  opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
  library: 'digital envelope routines',
  reason: 'unsupported',
  code: 'ERR_OSSL_EVP_UNSUPPORTED'
}

How to reproduce: Use the Node LTS 18.12.1 and run 'npm install && npm start' in the root folder

Was able to fix the error by exporting 'openssl-legacy-provider'

export NODE_OPTIONS=--openssl-legacy-provider

This error will not occur if the Node.js version is downgraded. Ex - Tried with V16.18.1 and did not face an error

Reason for the issue seems to be that In Node.js v17, a security hole was closed in the SSL provider. This fix was a breaking change that corresponded with similar breaking changes in the SSL packages in NPM. When you attempt to use SSL in Node.js v17 or later without also upgrading those SSL packages in your package.json, then you will see this error.

brionmario commented 1 year ago

Maybe we can modify the start script to include NODE_OPTIONS=--openssl-legacy-provider.

  1. Add cross-env as a dependency.
  2. Change the package.json start script.
        "start": "cross-env NODE_OPTIONS=--openssl-legacy-provider webpack-dev-server --mode development --inline --hot --open",

@DonOmalVindula FYI.

DonOmalVindula commented 1 year ago

This issue is now fixed with asgardeo-auth-react-sdk v2.0.0. We have added support for node 18 with this version. However, we are now using the yarn install command instead of npm install.

yarn install && npm start (requires yarn) will successfully execute as follows.

Screenshot 2023-02-24 at 11 56 29