JsonWebToken signed differently in Node 4 & Node 6/8 - node.js

I'm currently generating JWT using node-jsonwebtoken in Node 4. When I'm trying to upgrade to Node 8, I'm unable to sign a JWT generated in Node 4 (using same secret & payload, the signature is different). This is a problem as I don't want to invalidate older tokens.
The problem comes from the node-jwa library, a dependency of node-jws, which is a dependency of node-jsonwebtoken. I referenced the issue on GitHub, and as you can see the author of the module is able to reproduce the issue. Here is the code if you want to test:
const crypto = require('crypto');
const jwa = require('jwa');
const secret = crypto.createHash('sha256').update('secret').digest('binary');
const payload = {
  uid: 'test',
  iat: 1455988418,
  iss: 'test'
};
const algo = jwa('HS256');
const sig = algo.sign(payload, secret);
console.log(sig);
// Node v4 => "_zPq9vDP4_Ve0mTVTF_9H3NRkluQhoR4yAg8X4yqR8Q"
// Node v6 => "hk9bpxID-HOmvNpJUy7x80KqT5JP8tb_BoAJLYVIYsE"
As I understood, the problem is that the default encoding for digests was changed to utf8 in v5/v6. In v4 and earlier it was binary.
Cf => github.com/nodejs/node/issues/6813
As the maintainer of node-jwa is no longer replying, I'm trying to find a workaround as I really don't want to be stuck on Node 4 forever (which is no longer LTS).
I've tried to find where to modify the node-jwa library so that it can sign in Node 8 my token the same way as Node 4 did.
Seems the line affecting my problem is here in the library => github.com/brianloveswords/node-jwa/blob/master/index.js#L35
I've tried to make a few changes, but was unable to make this work...
If you have any idea of a good workaround,
Thank you very much!
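
The encoding change described in this question can be reproduced with Node's built-in crypto alone. The following is an added example, not code from the original post or from node-jwa; the helper names (legacyKeyBytes, modernKeyBytes, signHS256, verifyHS256) are illustrative, and it assumes the string HMAC key is the input whose interpretation changed between Node versions.

```javascript
const crypto = require('crypto');

// Same secret derivation as in the question: the raw SHA-256 bytes are held
// in a "binary" (latin1) string, one character per byte.
const secretString = crypto.createHash('sha256').update('secret').digest('binary');
const payload = { uid: 'test', iat: 1455988418, iss: 'test' };

// Node 4 decoded a string HMAC key as latin1: one byte per character.
function legacyKeyBytes(s) {
  return Buffer.from(s, 'latin1');
}

// Node 6+ encodes a string HMAC key as UTF-8: chars >= 0x80 become two bytes.
function modernKeyBytes(s) {
  return Buffer.from(s, 'utf8');
}

function base64url(buf) {
  return buf.toString('base64')
    .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
}

// HS256-style signature over the JSON payload; key is a string or a Buffer.
function signHS256(data, key) {
  const mac = crypto.createHmac('sha256', key).update(JSON.stringify(data));
  return base64url(mac.digest());
}

// Constant-time comparison so verification does not leak a timing signal.
function verifyHS256(data, key, signature) {
  const expected = Buffer.from(signHS256(data, key));
  const given = Buffer.from(String(signature));
  return expected.length === given.length &&
    crypto.timingSafeEqual(expected, given);
}

const legacySig = signHS256(payload, legacyKeyBytes(secretString));
const modernSig = signHS256(payload, secretString);

console.log('key bytes, latin1 vs utf8:',
  legacyKeyBytes(secretString).length, modernKeyBytes(secretString).length);
console.log('signature with latin1 key bytes:', legacySig);
console.log('signature with string key      :', modernSig);
console.log('old token verifies with Buffer key:',
  verifyHS256(payload, legacyKeyBytes(secretString), legacySig));
console.log('old token verifies with string key:',
  verifyHS256(payload, secretString, legacySig));
```

Under that assumption, supplying the secret on Node 6 or later as a Buffer holding the raw digest bytes yields the same key material Node 4 used, so tokens issued earlier keep verifying.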

Related

Using Node.js Crypto in Electron: crypto.scryptSync is not a function

The problem
I am trying to use the scrypt and scryptSync functions from Node.js Crypto in my React app, running inside Electron v11.1.1.
const nodeCrypto = require('crypto');
// does not work
const kek = nodeCrypto.scryptSync('password', 'salt', 64).toString('hex');
I am faced with the error TypeError: nodeCrypto.scryptSync is not a function
Additional info
crypto.scryptSync was added to Node.js in version v10.5.0. I have Node.js v14.15.3:
~$ node -v
v14.15.3
I am able to use randomBytes from Node.js Crypto just fine:
// works fine
nodeCrypto.randomBytes(32).toString("hex");
I chose to assign crypto to the constant nodeCrypto because Chrome already contains a global called crypto, but this didn't improve the situation.
As ever, I am most grateful for your assistance.
--
I acknowledge that several instances of this question already exist on StackOverflow though they seem to be resolved by updating Electron. However, as I understand it, I am using the latest version of Electron (v11.1.1).

How to fix TypeError when using signInWithCredential on node.js? [EDIT: bug in Firebase 6.2.2]

I am trying to sign in to firebase using a Google Id Token, as I'm developing an app that will be running on a raspberry pi, but when trying to sign in using the received token firebase crashes when using signInWithCredential. Here's my minimal reproducible example
var firebase = require("firebase/app");
require("firebase/auth");
const firebaseConfig = {
  ...
};
// Initialize Firebase
firebase.initializeApp(firebaseConfig);
const id_token = "A_GOOGLE_ID_TOKEN";
var credential = firebase.auth.GoogleAuthProvider.credential(id_token);
firebase.auth().signInWithCredential(credential);
and it crashes with
TypeError: this.f is not a constructor
at ai.a (C:\Dev\Crashing\node_modules\#firebase\auth\dist\auth.js:188:361)
at yh (C:\Dev\Crashing\node_modules\#firebase\auth\dist\auth.js:171:191)
at bi.o (C:\Dev\Crashing\node_modules\#firebase\auth\dist\auth.js:193:175)
at ji (C:\Dev\Crashing\node_modules\#firebase\auth\dist\auth.js:191:239)
at C:\Dev\Crashing\node_modules\#firebase\auth\dist\auth.js:197:181
at new C (C:\Dev\Crashing\node_modules\#firebase\auth\dist\auth.js:18:736)
at pi (C:\Dev\Crashing\node_modules\#firebase\auth\dist\auth.js:197:161)
at C:\Dev\Crashing\node_modules\#firebase\auth\dist\auth.js:209:203
at e.g (C:\Dev\Crashing\node_modules\#firebase\auth\dist\auth.js:22:101)
at Kb (C:\Dev\Crashing\node_modules\#firebase\auth\dist\auth.js:25:195)
I tried it with several valid ID Tokens, but it seems that part is actually not broken, the credential itself appears to be fine, because signInWithCredential dies the same way even when I pass an arbitrary string as the id_token.
What am I doing wrong? Or could it possibly be an issue with Firebase JS SDK itself?
I am working on Windows 10, ver. 1809, running Node v10.15.3 and firebase JS SDK 6.2.2 (npm firebase package).
EDIT: I tried Firebase JS SDK version 6.2.0 and the code worked as expected! There is a bug in version 6.2.2 though.
Firebase JS SDK 6.2.3 was just released today, and it fixes this bug:
https://firebase.google.com/support/release-notes/js#authentication
Looks like this is the git commit that fixes it:
https://github.com/firebase/firebase-js-sdk/commit/728f4f54b4589c07a2d474deb94328a332c8fe39
I verified it with this mocha unit test:
const firebase = require('../../firebaseApp')
const chai = require('chai')
describe('firebase javascript sdk', () => {
  // This unit test verifies that the error message is as expected,
  // and not the error "this.f is not a constructor", which was caused
  // by a bug in version 6.2.1, and fixed in version 6.2.3.
  // https://stackoverflow.com/questions/56716255/how-to-fix-typeerror-when-using-signinwithcredential-on-node-js-edit-bug-in-f
  it('should be able to checkActionCode', () => {
    return firebase.auth().checkActionCode('xyz')
      .catch(error => {
        // https://stackoverflow.com/questions/56716255/how-to-fix-typeerror-when-using-signinwithcredential-on-node-js-edit-bug-in-f
        chai.assert.equal(error.message,
          "The action code is invalid. This can happen if the code is malformed, expired, or has already been used.")
      })
  })
})
The Firebase client SDKs generally do not work with nodejs. Firebase Authentication depends heavily on running inside a web browser in order to work correctly.
If you're running node, you might want to consider just using the Firebase Admin SDK to access your project without having to sign in.

Can't use eventbrite javascript sdk installed via npm (node js)

Eventbrite has an official sdk for their API.
According to docs, installing and using should be easy:
const eventbrite = require('eventbrite');
// Create configured Eventbrite SDK
const sdk = eventbrite({token: 'OATH_TOKEN_HERE'});
sdk.request('/users/me').then(res => {
  // handle response data
});
However this does not work, I get an error "eventbrite is not a function" when trying to create the sdk object.
In fact, if I log what's in require('eventbrite') this is all I get:
const eventbrite = require('eventbrite');
console.log(JSON.stringify(eventbrite));
// {
// "PAGE_KEY": "page",
// "CONTINUATION_KEY": "continuation"
// }
I have probably got something really wrong here, is there an extra step I need to take after installing via npm?
I figured it out, for this to work you gotta do:
const eventbrite = require('eventbrite').default;
I figure this has something to do with the way Node is managing requires in later versions (10, in my case).

NodeJS can't connect to XERO

I am using xero as my accounting software. I have one requirement that part of my application needs to be integrated with xero to perform automation. Using the nodejs sdk seems so easy, but the fact is I cannot connect to xero even using the simplest example. Here is the code:
const xero = require('xero-node');
const config = {
  "userAgent": "Firefox",
  "consumerKey": "<MY_CONSUMER_KEY>",
  "consumerSecret": "<MY_CONSUMER_SECRET>",
  "privateKeyPath": "./privatekey.pem"
};
const xeroClient = new xero.PrivateApplication(config);
xeroClient.core.contacts.getContacts()
  .then(contacts => {
    console.log(contacts);
  }).catch(err => {
    console.log(err);
  });
The code does nothing and prints no error. Anyone ever deal with this problem?
The most likely reason is that your privatekey is invalid. If you put these lines (https://github.com/XeroAPI/xero-node/pull/169/files) into your module then it will check it first.
You could also copy a few of those lines and validate your privateKey.
At the moment the SDK swallows the exception when the key is invalid.
Also, please make sure you are running server side - not browser side.
Solved. I need to add the following code:
const fs = require('fs');
if (config.privateKeyPath && !config.privateKey)
  config.privateKey = fs.readFileSync(config.privateKeyPath);

Can't use Crypto in SuiteCommerce Advanced Service?

My SuiteScript Service MyService.Service.ss file is attempting to use the Node.js library Crypto but I get the error Error: No crypto when I run my service.
Does the Node.js version that SCA uses not have the Crypto library installed? Do I need to explicitly add Crypto as a dependency to distro.json? If so where? Do I need to install Crypto? If so, any advice how - I'm new to Node.js.
I am using pretty much standard Crypto functions, see below for the code that causes the problem:
function service (request)
{
  'use strict';
  var crypto = require('crypto'); // Error here
  var token = crypto.createHmac('md5', public_key)
    .update(private_key)
    .digest('hex');
  ...
}
Netsuite doesn't use the V8 engine so you are pretty much out of luck with crypto.
I've used Paul Johnston's md5 package for hmac calc for years and it is fast enough and interoperates well. Name says MD5 but it includes SHA-1,256,512 as well.
