I'm trying to use this lib in an edge runtime using next.js's Edge runtime, which like the browser has a global crypto object, and not an importable module for crypto. This is also how Cloudflare Workers behaves, and I believe this is part of the WinterCG common minimum API.
The issue is that the code in toolbox.ts imports the "crypto" module, which doesn't exist in such environments.
|
import * as platformCrypto from "crypto"; |
|
import * as peculiarCrypto from "@peculiar/webcrypto"; |
|
let webcrypto; |
|
if ((typeof self !== "undefined") && "crypto" in self) { |
|
// Always use crypto if available natively (browser / Deno) |
|
webcrypto = self.crypto; |
|
|
|
} else { |
|
// Always use node webcrypto if available ( >= 16.0 ) |
|
if(platformCrypto && platformCrypto.webcrypto) { |
|
webcrypto = platformCrypto.webcrypto; |
|
|
|
} else { |
|
// Fallback to @peculiar/webcrypto |
|
webcrypto = new peculiarCrypto.Crypto(); |
|
} |
|
} |
It seems that the node.js crypto module is only used in these lines and nowhere else in this package.
While I'm not familiar with @peculiar/webcrypto, it seems that it exists solely for this purpose - to provide an abstraction over such issues and always point to the natively supported crypto implementation. I might be wrong about this - again, not familiar with @peculiar/webcrypto.
Could you consider not importing the native crypto module, and instead just using the @peculiar/webcrypto module? The implication of this is that lines 31-34 above will go away, and when using node.js, all calls to the crypto module will always go through @peculiar/webcrypto, thus supporting a larger number of runtimes.
I'm trying to use this lib in an edge runtime using next.js's Edge runtime, which like the browser has a global crypto object, and not an importable module for crypto. This is also how Cloudflare Workers behaves, and I believe this is part of the WinterCG common minimum API.
The issue is that the code in
toolbox.tsimports the"crypto"module, which doesn't exist in such environments.fido2-lib/lib/toolbox.js
Lines 22 to 38 in 9da9eb9
It seems that the node.js crypto module is only used in these lines and nowhere else in this package.
While I'm not familiar with
@peculiar/webcrypto, it seems that it exists solely for this purpose - to provide an abstraction over such issues and always point to the natively supported crypto implementation. I might be wrong about this - again, not familiar with@peculiar/webcrypto.Could you consider not importing the native crypto module, and instead just using the
@peculiar/webcryptomodule? The implication of this is that lines 31-34 above will go away, and when using node.js, all calls to thecryptomodule will always go through@peculiar/webcrypto, thus supporting a larger number of runtimes.