stackblitz / webcontainer-core

Dev environments. In your web app.
https://webcontainers.io
MIT License

Unable to verify a JWT using multiple libraries. #864

Open eatplaysleep opened 2 years ago

eatplaysleep commented 2 years ago

Describe the bug

I'm working on a project that helps to teach how to use OAuth. We would like to utilize Stackblitz as our main editing platform for training workshops we host so that attendees can take their app with them after building it and be able to build off it.

This app is just a prototype (for now).

I have attempted to use various different libraries in different implementations -- jsonwebtoken, njwt, express-jwt, etc. However, they all throw the same error:

TypeError: this[D].init is not a function
    at new Verify (https://github-ujyeet.w.staticblitz.com/blitz.3c06ff333fff62d153837b0d0df85b8ed07b008f.js:6:1136141)
    at Object.createVerify (https://github-ujyeet.w.staticblitz.com/blitz.3c06ff333fff62d153837b0d0df85b8ed07b008f.js:6:822486)
    at Object.verify (/home/projects/github-ujyeet/node_modules/jwa/index.js:162:27)
    at Object.jwsVerify [as verify] (/home/projects/github-ujyeet/node_modules/jws/lib/verify-stream.js:54:15)
    at eval (/home/projects/github-ujyeet/node_modules/jsonwebtoken/verify.js:127:19)
    at getSecret (/home/projects/github-ujyeet/node_modules/jsonwebtoken/verify.js:90:14)
    at module.exports (/home/projects/github-ujyeet/node_modules/jsonwebtoken/verify.js:94:10)
    at JwtVerifier.verifyToken (/server/jwtVerifier.js:226:37)
    at async verifyToken (/server/index.js:100:17)

I've narrowed it down to line 159 of lib/internal/crypto/sig.js -- it's a crypto issue. :(

It works locally.

I'm not experienced enough to know how or what to even do on this one. Hoping for some guidance/help as I'm loving the new webcontainers.

Link to the blitz that caused the error

https://stackblitz.com/edit/github-ujyeet?file=server/index.js&view=editor

Steps to reproduce

  1. Wait for project to load
  2. Open preview in a new Tab
  3. Click 'Login'
  4. User == testuser1@test.com / Pass == St@ckbl1tz
  5. Click on 'Try API' under the second heading (second button).
  6. Observe the error in the terminal.

Expected behavior

The 'Try API' should pass just like the first button (public API) does.

Parity with Local

Screenshots

No response

Platform

Browser name  = Chrome
Full version  = 106.0.0.0
Major version = 106
navigator.appName = Netscape
navigator.userAgent = Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
performance.memory = {
  "totalJSHeapSize": 254122838,
  "usedJSHeapSize": 233357702,
  "jsHeapSizeLimit": 4294705152
}
Hash = 3c06ff333fff62d153837b0d0df85b8ed07b008f

Additional context

No response

eatplaysleep commented 2 years ago

For an even easier way to replicate this, just run the following in the terminal:

crypto.createVerify('RSA-SHA256')

SamVerschueren commented 2 years ago

Hi @eatplaysleep. Thanks for reaching out. I've created an internal issue and linked this GitHub ticket so we can follow up. Currently I don't think there's much on your side that you can do, I'm afraid.

andrewkmin commented 1 year ago

Hi @SamVerschueren, any update on this by chance? Currently experiencing something similar with the following:

> crypto.createSign("SHA256");
Uncaught TypeError: this[D].init is not a function

Thanks!
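
As an added example (not code from this thread or from StackBlitz): the stack trace shows jsonwebtoken reaching crypto.createVerify through jws and jwa, and the code below makes that call directly for RS256 and rejects the token whenever the primitive throws, instead of falling back to decoding unverified claims. The function names, the injectable createVerify parameter and the sample token are assumptions constructed for illustration.

```javascript
// Added example, not from the issue thread: RS256 verification on node:crypto,
// using the createVerify call that appears in the stack trace.
const nodeCrypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (text) => Buffer.from(text, 'base64url');

// Returns { ok: true, payload } or { ok: false, reason }; never yields unverified claims.
// createVerify is an injectable (hypothetical) parameter so a broken runtime can be simulated.
function verifyRs256(token, publicKeyPem, createVerify = nodeCrypto.createVerify) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed token' };
  const [h, p, s] = parts;
  try {
    const header = JSON.parse(fromB64url(h).toString('utf8'));
    // Pin the algorithm on the verifier side; do not let the token choose it.
    if (header.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
    const verifier = createVerify('RSA-SHA256');
    verifier.update(`${h}.${p}`); // the signature covers "header.payload" as sent
    if (!verifier.verify(publicKeyPem, fromB64url(s))) {
      return { ok: false, reason: 'bad signature' };
    }
    return { ok: true, payload: JSON.parse(fromB64url(p).toString('utf8')) };
  } catch (err) {
    // Any throw, including the TypeError reported in this issue, rejects the token.
    return { ok: false, reason: `verification error: ${err.message}` };
  }
}

// Constructed sample: throwaway RSA key pair and token generated at run time.
function makeSample() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: 'constructed-user' }));
  const signature = nodeCrypto.createSign('RSA-SHA256').update(`${header}.${payload}`).sign(privateKey);
  return {
    token: `${header}.${payload}.${b64url(signature)}`,
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
  };
}
```
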