Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Version 9.0.0 - sign function throws error on frontend (in browser) #863

Open
dawidreedsy opened this issue Dec 22, 2022 · 11 comments
Open

Version 9.0.0 - sign function throws error on frontend (in browser) #863

dawidreedsy opened this issue Dec 22, 2022 · 11 comments

Comments

@dawidreedsy
Copy link

dawidreedsy commented Dec 22, 2022
edited
Loading

Description

When trying to use jsonwebtoken sign function on the frontend it throws error:

    TypeError: Right-hand side of 'instanceof' is not an object
        at module.exports [as sign] (webpack://@jwtcreator/creator/./node_modules/jsonwebtoken/sign.js?:109:58)

it looks like this is this if:

  if (secretOrPrivateKey != null && !(secretOrPrivateKey instanceof KeyObject))

Reproduction

Just call sign function in the browser

Environment

"jsonwebtoken": "^9.0.0"
Chrome version: Version 108.0.5359.124 (Official Build) (arm64)
@dawidreedsy dawidreedsy changed the title sign function throws error on frontend (in browser) Version 9.0.0 - sign function throws error on frontend (in browser) Dec 22, 2022
@panva
Copy link
Contributor

panva commented Dec 22, 2022
edited
Loading

jsonwebtoken is a Node.js module, its use in a browser was never intended. Versions before 9.0.0 could use webpack's polyfill of the Node.js built-in modules. This most likely a) relied on slow js cryptography that isn't maintained anymore and lacks feature parity with Node's crypto and b) increased your js bundle size considerably. FWIW webpack 5 also no longer defaults to using these questionable crypto polyfills anymore.

It is better to rely on JWT modules made to be consumed in browser environments. You can discover such modules on jwt.io under "JavaScript" libraries.

@garypotato
Copy link

I had the same issue that's because I am using Node.js v8, which doesn't include KeyObject in 'crypto' module. There are two ways to fix this issue: 1) update your node version to above v11; 2) don't use the latest version of jsonwebtoken.

@Earle-Poole
Copy link

Earle-Poole commented Jan 10, 2023
edited
Loading

I'm seeing a similar error after upgrading from 8.5.1 to 9.0.0 in my test suite. I think it's because I'm using a signing method that's not listed in the table at the bottom here: https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9

I'll report back once I try moving over to a listed one

@DaphneChang
Copy link

DaphneChang commented Jan 11, 2023
edited
Loading

**Update Node verson to v12.0.0+ works for me, hope it can help you

@digitaldogsbody digitaldogsbody mentioned this issue Jan 13, 2023
Closed
@Uzlopak
Copy link

Uzlopak commented Jan 15, 2023

KeyObject is part of node 12 crypto library. The polyfills dont have that Object.

This was referenced Jan 17, 2023
Closed
Merged
@darioackermann
Copy link

darioackermann commented Jan 19, 2023
edited
Loading

Update Node verson to V12.0+ works for me, hope it can help you

In addition to this, when using node with version 18, jsonwebtoken v.9 will not work anymore in browsers. At least not in Edge/Chrome

@FossPrime FossPrime mentioned this issue Feb 7, 2023
Closed
@francois2metz francois2metz mentioned this issue Feb 21, 2023
Closed
1 task
@bornkiraupgrade
Copy link

Update Node verson to V12.0+ works for me, hope it can help you

In addition to this, node with version 18 will not work anymore in browsers. At least not in Edge/Chrome

So, does that mean if I am using node 18+ version, I cannot use msal-node library and have to look for an alternative? Kindly suggest if that is the case.

@darioackermann
Copy link

I have edited my comment to avoid confusion.

Update Node verson to V12.0+ works for me, hope it can help you

In addition to this, node with version 18 will not work anymore in browsers. At least not in Edge/Chrome

So, does that mean if I am using node 18+ version, I cannot use msal-node library and have to look for an alternative? Kindly suggest if that is the case.

I have edited my comment to avoid confusion. As far as I see, msal-node is not using jsonwebtoken.

@bornkiraupgrade
Copy link

It is using jsonwebtoken. Pasting the error which has the stack trace to show msal-node calling jsonwebtoken files :

TypeError: Right-hand side of 'instanceof' is not an object
2023-02-24T12:15:51.8277499Z at Object.module.exports [as sign] (D:\a_tasks\EsrpRelease_be2a31a6-134a-482d-a926-deef3349ffca\4.0.12\node_modules\jsonwebtoken\sign.js:108:58)
2023-02-24T12:15:51.8278567Z at ClientAssertion.createJwt (D:\a_tasks\EsrpRelease_be2a31a6-134a-482d-a926-deef3349ffca\4.0.12\node_modules@azure\msal-node\dist\msal-node.cjs.development.js:2255:29)
2023-02-24T12:15:51.8279942Z at ClientAssertion.getJwt (D:\a_tasks\EsrpRelease_be2a31a6-134a-482d-a926-deef3349ffca\4.0.12\node_modules@azure\msal-node\dist\msal-node.cjs.development.js:2219:19)
2023-02-24T12:15:51.8281354Z at ConfidentialClientApplication.getClientAssertion (D:\a_tasks\EsrpRelease_be2a31a6-134a-482d-a926-deef3349ffca\4.0.12\node_modules@azure\msal-node\dist\msal-node.cjs.development.js:1924:39)
2023-02-24T12:15:51.8282834Z at ConfidentialClientApplication.buildOauthClientConfiguration (D:\a_tasks\EsrpRelease_be2a31a6-134a-482d-a926-deef3349ffca\4.0.12\node_modules@azure\msal-node\dist\msal-node.cjs.development.js:1908:54)
2023-02-24T12:15:51.8283947Z at process._tickCallback (internal/process/next_tick.js:68:7)

@jrhoads jrhoads mentioned this issue Jun 14, 2023
Open
This was referenced Jul 5, 2023
Closed
Open
@skylermcnamee-hibc skylermcnamee-hibc mentioned this issue Sep 8, 2023
Merged
3 tasks
@Neiz-Kap
Copy link

I found this option here and this's helped me!
Use:

const jwt = require('jsonwebtoken'); 
// instead of 
import jwt from 'jsonwebtoken'

@Neiz-Kap Neiz-Kap mentioned this issue Sep 20, 2023
Closed
@lakshmankashyap
Copy link

This help me
npm i jwt-decode

darazux pushed a commit to darazux/next-market that referenced this issue Dec 22, 2023
@idnats
* fix using jwt.verify in server side api.
94dc2e8 
  - auth0/node-jsonwebtoken#863
@afnx afnx mentioned this issue Feb 22, 2024
Closed
6 tasks
Open
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@panva @Uzlopak @DaphneChang @lakshmankashyap @darioackermann @Earle-Poole @Neiz-Kap @garypotato @dawidreedsy @bornkiraupgrade