Description
What happened?
Following the implementation of nodejs/node#43310 (an issue I'm sure you're very familiar with 😄) in 18.4, Node.js dropped support for the NODE-ED25519
identifier. However, that's still being used in Cloudflare Workers, which doesn't support the newer Ed25519
identifier.
The jose
library correctly handles the CF Workers situation.
As you are likely familiar with, Miniflare is a "local emulator" for CF Workers, which uses Node.js and not V8.
Starting with Miniflare 2.7, the emulator automatically converts NODE-ED25519
keys to Ed25519
so it continues to work with Node.js 18.4+. cloudflare/miniflare#311
However, this causes a situation with jose so it doesn't work with Miniflare on Node.js 18.4+. jose has built-in detection for CF Workers, and it detects Miniflare as a CF Workers environment, and the EdDSA routines reject keys that have type Ed25519
.
Lines 74 to 77 in 0096c0a
This causes a runtime error CryptoKey does not support this operation, its algorithm.name must be NODE-ED25519
Version
v4.9.2
Runtime
Other (I will specify below)
Runtime Details
Miniflare 2.7.1 with Node.js 18.4+
Code to reproduce
// With Miniflare 2.7.0-2.7.1, code below fails with `CryptoKey does not support this operation, its algorithm.name must be NODE-ED25519` on Node.js 18.4+
// (On Node.js 18.3 will fail the validation because the JWT's payload is actually invalid - I removed PII)
import * as jose from 'jose'
;(async () => {
const token =
'eyJhbGciOiJFZERTQSIsImtpZCI6IjFobkZhY3A3bFJvRWgwcXI0MkZfcG1oeUo1QSJ9.eyJzY29wZSI6Im9wZW5pZCBvZmZsaW5lX2FjY2VzcyBwaC1hdXRoIiwic3ViIjoiMS5FUkszOGMyTnQ1TzZndXB2dG9ib3hBdXV2MDFBIiwiaXNzIjoiaHR0cDovLzEyNy4wLjAuMTo4Nzg3LyJ9.KSMCkroVwL7xi2N3_0ztLNJbVhIPN5JcYQTy9eGZ19XF_ByVrcDKjtlu2hVeHO5dgrbI9j28NCByzwZGsPQSCA'
const pk = {
alg: 'EdDSA',
crv: 'Ed25519',
kid: '1hnFacp7lRoEh0qr42F_pmhyJ5A',
kty: 'OKP',
use: 'sig',
x: 'R0v6Jjr8AmHDNYJp-TVL7YNC1GrRjmeKIiPGKTukHzg',
}
const jwks = jose.createLocalJWKSet({keys: [pk]})
const {payload} = await jose.jwtVerify(token, jwks, {
algorithms: ['EdDSA'],
clockTolerance: 300,
})
console.log(payload)
})()
Required
- I have searched the issues tracker and discussions for similar topics and couldn't find anything related.
- I agree to follow this project's Code of Conduct