Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fallback webcrypto to global #457

Closed
wants to merge 1 commit into from
Closed

Fallback webcrypto to global #457

wants to merge 1 commit into from

Conversation

sergiocarneiro
Copy link

Fallback to globalThis.crypto when node:crypto exists but crypto.webcrypto does not.

It also adds the ability to throw MissingWebCrypto when webcrypto is missing.

This change makes the getWebCrypto function more robust and able to work in more runtime setups (e.g. Cloudflare Workers with node_compat enabled).

@MasterKale
Copy link
Owner

MasterKale commented Oct 26, 2023
edited
Loading

This change makes the getWebCrypto function more robust and able to work in more runtime setups (e.g. Cloudflare Workers with node_compat enabled).

Hello @sergiocarneiro, I'm wondering what the exact problem is you were having with the current way of picking which WebCrypto to use. Are you trying to make globalThis.crypto the default the library tries to reach for Node's because it somehow causes issues with non-Node runtimes?

@sergiocarneiro
Copy link
Author

sergiocarneiro commented Oct 26, 2023
edited
Loading

I'm wondering what the exact problem is you were having with the current way of picking which WebCrypto to use.

Hello @MasterKale. In my Cloudflare Worker, I have Node polyfills enabled. I'm not sure if it's a bug from their platform or not, but I know that what ends up happening is an environment that:

  • has globalThis.crypto
  • allows imports of node:crypto
  • crypto.webcrypto is undefined

So without this change I submitted, using functions such as getRegistrationOptions throws the error "Cannot read properties of undefined (reading 'getRandomValues')" — the method is available through globalThis.crypto.

Are you trying to make globalThis.crypto the default?

Yes, and only override it if crypto.webcrypto is defined, not if node:crypto can be imported.

@CameronWhiteside
Copy link

+1 to this issue--would love to use this in a Cloudflare worker, but without @sergiocarneiro's updates, I'm also fully blocked with the same "Cannot read properties of undefined (reading 'getRandomValues')" issue.

@MasterKale MasterKale mentioned this pull request Oct 27, 2023
Merged
@MasterKale
Copy link
Owner

@sergiocarneiro Thank you for the contribution. I took a stab at solving this problem with #468, and I also managed to add test coverage around getWebCrypto() that should ensure support for runtimes like your CF worker w/Node compat. In particular this test should capture the nuance of the runtime issue you've been experiencing:

https://github.com/MasterKale/SimpleWebAuthn/pull/468/files#diff-6ac413926c71b2fbaa8af5cffcb57c492adf245dc0d0ec40ec6ba179c537debcR88-R119

Tests just passed over there so I'm going to merge and cut a release with this fix tomorrow.

@MasterKale MasterKale closed this Oct 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sergiocarneiro @MasterKale @CameronWhiteside