panva
commented
1 year ago In WebContainers Node's Crypto.webcrypto is equivalent to the browser's crypto.
It isn't. Quick test like the following demonstrates. It still uses the same node crypto module internals that aren't there.
import * as crypto from 'node:crypto';
console.log(process.version);
console.log(
await crypto.webcrypto.subtle.generateKey(
{ name: 'HMAC', hash: 'SHA-256' },
false,
['sign', 'verify']
)
);
// Error: n.run is not a function
// at async ESMLoader.import (https://josestackblitzbugygfmqm-bi25.w-credentialless.staticblitz.com/blitz.9bdac2de468a4854f7bacb85c771c93d5676829b.js:6:1209138)
// at async i.loadESM (https://josestackblitzbugygfmqm-bi25.w-credentialless.staticblitz.com/blitz.9bdac2de468a4854f7bacb85c771c93d5676829b.js:6:246622)
// at async handleMainPromise (https://josestackblitzbugygfmqm-bi25.w-credentialless.staticblitz.com/blitz.9bdac2de468a4854f7bacb85c771c93d5676829b.js:6:989144)WebContainer is a Node.js runtime emulation at best. It lacks the crypto module internals necessary to run even the most basic of operations. That covers both the node:crypto module and the Node.js implementation of Web Crypto API.
There's nothing I can do to jose to make up for the fact that both the node:crypto module and WebCryptoAPI in stackblitz doesn't work as it should.
When the webcontainer/stackblitz/whatever is the proper designation matures to either have the Web APIs as global (and working) or a working node:crypto module you will be able to use jose.
samdenty
What happened?
SignJWT and VerifyJWT both fail in WebContainers.
In WebContainers Node's Crypto.webcrypto is equivalent to the browser's crypto. But it appears Jose uses Node's non-standard crypto methods instead when importing the Node module. Importing the browser module into WC, results in a 'crypto' not found message.
The ideal solution would be to make the Node module default or fallback to Crypto.webcrypto.
Version
v4.13.1
Runtime
Other (I will specify below)
Runtime Details
WebContainers
Code to reproduce
Required