Implement KeyObject (node:crypto)

[Jarred-Sumner]

This blocks the popular jsonwebtoken module.

From Discord:

https://discord.com/channels/876711213126520882/887787428973281300/1073538772840480789

[ceopaludetto]

Any updates? This blocks @nestjs/jwt module as well

[chen-rn]

I believe this is also blocking all Firebase projects at the moment :(

[endel]

firebase-admin seems to be affected too:

Error: Right hand side of instanceof is not an object
    at new FirebaseError (node_modules/firebase-admin/lib/utils/error.js:30:13)
    at new PrefixedFirebaseError (node_modules/firebase-admin/lib/utils/error.js:65:12)
    at new FirebaseAuthError (node_modules/firebase-admin/lib/utils/error.js:154:13)
    at mapJwtErrorToAuthError (node_modules/firebase-admin/lib/auth/token-verifier.js:273:104)
    at <anonymous> (node_modules/firebase-admin/lib/auth/token-verifier.js:246:9)
    at processTicksAndRejections (:1:1302)

[ehuff700]

What needs to be done for this to get fixed? This has been broken since Feb of this year lol.

[gingermusketeer]

Digging into this a little I found that the existing node crypto is implemented here.

Looking at the code in node for crypto it looks like the web standard class CryptoKey which is available in Bun is implemented as a thin wrapper around KeyObject. Perhaps the reverse could be implemented and Bun could expose KeyObject as a thin wrapper around CryptoKey.

Would this be a sane approach?

[ehuff700]

@gingermusketeer I feel like the better option would be to migrate away from crypto-browserify and simply re export everything in node:crypto until Bun can natively support those APIs. If I understand the purpose of node-fallbacks it's to provide wrappers for default node APIs where bun doesn't have support (please correct me if I am I in err)

[gingermusketeer]

re export everything in node:crypto

@ehuff700 how would this work? I don't think node:crypto is accessible from bun.

[skeie]

It also blocks passport-magic-login

[iturgeonK]

I figured I might as well link to the source, the screenshot in the report is referencing this line in jsonwebtoken (https://github.com/auth0/node-jsonwebtoken/blob/master/sign.js#L114), which is the same reson I landed here.

There is also an issue on jsonwebtoken pertaining to compatability with bun: auth0/node-jsonwebtoken#939

[carlos12fds151]

Waiting for this

[andres-linares]

Waiting too

[josebruno2020]

Waiting too. I came because of jsonwebtoken module

[Neiz-Kap]

I answered here and it may help you:
auth0/node-jsonwebtoken#863 (comment)

[diavrank]

Same issue here from my Nestjs app

    err: {
      "type": "Error",
      "message": "\u001b[38;5;3m[GlobalExceptionFilter] \u001b[39m\u001b[35mGET: \u001b[0m\u001b[31mRight hand side of instanceof is not an object\u001b[39m\n{\n    \"domain\": \"\",\n    \"identifier\": \"/accounts/me\"\n}",
      "stack":
          TypeError: Right hand side of instanceof is not an object
              at /Users/myuser/Projects/nestjs/api/node_modules/jsonwebtoken/verify.js:120:10
              at getSecret (/Users/myuser/Projects/nestjs/api/node_modules/jsonwebtoken/verify.js:96:51)
              at /Users/myuser/Projects/nestjs/api/node_modules/jsonwebtoken/verify.js:101:7
              at /Users/myuser/Projects/nestjs/api/node_modules/passport-jwt/lib/verify_jwt.js:3:59
              at /Users/myuser/Projects/nestjs/api/node_modules/passport-jwt/lib/strategy.js:104:16
              at /Users/myuser/Projects/nestjs/api/node_modules/passport-jwt/lib/strategy.js:39:42
              at /Users/myuser/Projects/nestjs/api/node_modules/passport-jwt/lib/strategy.js:99:8
              at attempt (/Users/myuser/Projects/nestjs/api/node_modules/passport/lib/middleware/authenticate.js:369:8)
              at authenticate (/Users/myuser/Projects/nestjs/api/node_modules/passport/lib/middleware/authenticate.js:369:8)
              at /Users/myuser/Projects/nestjs/api/node_modules/@nestjs/passport/dist/auth.guard.js:95:63
              at new Promise (:1:21)
              at /Users/myuser/Projects/nestjs/api/node_modules/@nestjs/passport/dist/auth.guard.js:88:8
              at /Users/myuser/Projects/nestjs/api/node_modules/@nestjs/passport/dist/auth.guard.js:49:24
              at fulfilled (/Users/myuser/Projects/nestjs/api/node_modules/@nestjs/passport/dist/auth.guard.js:16:68)
              at processTicksAndRejections (:55:77)
    }

Is there an estimated date for the fix? I just wanna know when to continue with the migration from Node to Bun.

[Zack-Heisnberg]

and i am done already from bun sadly :') ,

No firebase
No nestjs
No jsonwebtoken
so it's kinda useless as it is now +80%of projects need this and the issue since feb with +1.7K issues

bun need sponsores and more contributions :') , had to go back to node & pnpm

[chen-rn]

bun need sponsores and more contributions :') , had to go back to node & pnpm

The PNPM/package manager side of bun should still work well! bun install is quite a bit faster than pnpm with the only notable caveat being storage cost. Though I personally have a habit of clearing old projects and cloning them from Github anyway so it doesn't matter too much for me!

[coding-agent]

Hi,

I have the same issue using NestJS, It was working with node before migrating to bun.

I ran "bun i @nestjs/jwt@9.0.0" an it worked! I believe it might work for most of the previous issues related to nestjs commented too. Also I needed to downgrade passwort-jwt with "bun i passport-jwt@4.0.0"

Hope this comment helps.

Thank you :)

[pedrohaccorsi]

any news here? Im facing the same issue with bun and jsonwebtoken :c

[fahadali503]

Hi,

I have the same issue using NestJS, It was working with node before migrating to bun.

I ran "bun i @nestjs/jwt@9.0.0" an it worked! I believe it might work for most of the previous issues related to nestjs commented too. Also I needed to downgrade passwort-jwt with "bun i passport-jwt@4.0.0"

Hope this comment helps.

Thank you :)

It worked, thank you

[diavrank]

It worked for me as well!!

[diavrank]

False :/ , I just realized that I ran the wrong command:

"start:dev": "NODE_ENV=localdev nest start --watch \"bun run\"",

It was missing the --exec flag . It seems the problem comes from passport-jwt dependency which is needed for @nestjs/passport

[carlos12fds151]

I'm using jose with Elysia and is working well for me

`import * as jose from 'jose';

const secret = new TextEncoder().encode('123456...EXAMPLE')

export const sign = async (payload: any, expiration: string) => {

const alg = 'HS256'
  
const jwt = await new jose.SignJWT({ payload })
    .setProtectedHeader({ alg })
    .setExpirationTime(expiration)
    .sign(secret)
  
return jwt;

};

export const verify = async (token: any) => {
try {
if (!token) return 'Token Expired';

    const verified:any = await jose.jwtVerify(token, secret);

    return verified.payload;

} catch (error) {
    return 'Token Expired';
}

}

export const jwtMiddleware = async (req: any) => {
const authorizationHeader = req.headers['authorization'];

if (!authorizationHeader || !authorizationHeader.startsWith('Bearer ')) {
    return new Response(JSON.stringify({ 'error': 'Unauthorized' }), { status: 401, headers: {
        'Content-Type': 'application/json',
    }});
}

const token = authorizationHeader.substring(7);

const verified:any = await verify(token);

if (verified === 'Token Expired') {
    return new Response(JSON.stringify({ 'error': 'Unauthorized' }), { status: 401, headers: {
        'Content-Type': 'application/json',
    }});
}

}`

[tonyea]

Switched to a different jwt library: https://www.npmjs.com/package/njwt

[coding-agent]

Switched to a different jwt library: https://www.npmjs.com/package/njwt

It seem to be a good solution too.

The problem is that some important dependencies use jsonwebtoken in the background like "@nest/jsonwebtoken", "passport-jwt", "firebase-admin", "express-jwt" which impacts some projects.

[andres-linares-int]

Exactly. I am using passport in one of my projects and I had to use a custom strategy using jose instead of passport-jwt.
This ended up being kinda simple but I imagine some situations where a custom implementation is not feasible...

[tonyea]

Switched to a different jwt library: https://www.npmjs.com/package/njwt

It seem to be a good solution too.

The problem is that some important dependencies use jsonwebtoken in the background like "@nest/jsonwebtoken", "passport-jwt", "firebase-admin", "express-jwt" which impacts some projects.

Exactly. I am using passport in one of my projects and I had to use a custom strategy using jose instead of passport-jwt. This ended up being kinda simple but I imagine some situations where a custom implementation is not feasible...

Yea, even njwt borked for me on build. Jose seems to work for now.

[muchekechege]

bun sucks.Errors everywhere bcrypto not working jwt and even spinning multiple a cluster

[DWboutin]

@tonyea did you use passport-jwt in your project? I used jose to sign my token, but when verifying it with passport.authenticate('jwt', { session: false }), it does

TypeError: Right hand side of instanceof is not an object
    at <anonymous> (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/jsonwebtoken/verify.js:120:10)
    at getSecret (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/jsonwebtoken/verify.js:96:51)
    at <anonymous> (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/jsonwebtoken/verify.js:101:7)
    at <anonymous> (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/passport-jwt/lib/verify_jwt.js:3:59)
    at <anonymous> (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/passport-jwt/lib/strategy.js:104:20)
    at <anonymous> (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/passport-jwt/lib/strategy.js:39:42)
    at <anonymous> (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/passport-jwt/lib/strategy.js:99:12)
    at attempt (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/passport/lib/middleware/authenticate.js:369:8)
    at authenticate (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/passport/lib/middleware/authenticate.js:369:8)
   ...

[danny-avila]

Exactly. I am using passport in one of my projects and I had to use a custom strategy using jose instead of passport-jwt. This ended up being kinda simple but I imagine some situations where a custom implementation is not feasible...

Do you mind sharing this? working on my own right now

[tonyea]

@tonyea did you use passport-jwt in your project? I used jose to sign my token, but when verifying it with passport.authenticate('jwt', { session: false }), it does

TypeError: Right hand side of instanceof is not an object
    at <anonymous> (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/jsonwebtoken/verify.js:120:10)
    at getSecret (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/jsonwebtoken/verify.js:96:51)
    at <anonymous> (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/jsonwebtoken/verify.js:101:7)
    at <anonymous> (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/passport-jwt/lib/verify_jwt.js:3:59)
    at <anonymous> (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/passport-jwt/lib/strategy.js:104:20)
    at <anonymous> (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/passport-jwt/lib/strategy.js:39:42)
    at <anonymous> (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/passport-jwt/lib/strategy.js:99:12)
    at attempt (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/passport/lib/middleware/authenticate.js:369:8)
    at authenticate (/Users/mikaelboutin/Desktop/coding/bun-backend/node_modules/passport/lib/middleware/authenticate.js:369:8)
   ...

Sorry no, didn't use passport so wouldn't have good advice

[userunknownn]

I figured I might as well link to the source, the screenshot in the report is referencing this line in jsonwebtoken (https://github.com/auth0/node-jsonwebtoken/blob/master/sign.js#L114), which is the same reson I landed here.

There is also an issue on jsonwebtoken pertaining to compatability with bun: auth0/node-jsonwebtoken#939

Downgrading jwt to 8.5.1 worked for me, just as @AlexRoosWork replied on that issue

[skeie]

Upgraded to bun 1.06 and it seems to be solved 🎉 ref #5940