Usage in edge environments - Cloudflare workers, Vercel edge

[rakeshpai]

I'm trying to use this lib in an edge runtime using next.js's Edge runtime, which like the browser has a global crypto object, and not an importable module for crypto. This is also how Cloudflare Workers behaves, and I believe this is part of the WinterCG common minimum API.

The issue is that the code in toolbox.ts imports the "crypto" module, which doesn't exist in such environments.

fido2-lib/lib/toolbox.js

Lines 22 to 38 in 9da9eb9

	import * as platformCrypto from "crypto";
	import * as peculiarCrypto from "@peculiar/webcrypto";
	let webcrypto;
	if ((typeof self !== "undefined") && "crypto" in self) {
	// Always use crypto if available natively (browser / Deno)
	webcrypto = self.crypto;
	} else {
	// Always use node webcrypto if available ( >= 16.0 )
	if(platformCrypto && platformCrypto.webcrypto) {
	webcrypto = platformCrypto.webcrypto;
	} else {
	// Fallback to @peculiar/webcrypto
	webcrypto = new peculiarCrypto.Crypto();
	}
	}

It seems that the node.js crypto module is only used in these lines and nowhere else in this package.

While I'm not familiar with @peculiar/webcrypto, it seems that it exists solely for this purpose - to provide an abstraction over such issues and always point to the natively supported crypto implementation. I might be wrong about this - again, not familiar with @peculiar/webcrypto.

Could you consider not importing the native crypto module, and instead just using the @peculiar/webcrypto module? The implication of this is that lines 31-34 above will go away, and when using node.js, all calls to the crypto module will always go through @peculiar/webcrypto, thus supporting a larger number of runtimes.

[JamesCullum]

Hey rakeshpai, thanks for the question. Basically the module tries to import the native and global crypto (L26), and has two layers of fallbacks if this is not supported - first using a platform-specific crypto, and then using JS emulation.

So if your environment has one of the fallbacks before @peculiar/webcrypto, it will use those and should never use peculiar.

Do you maybe have a simple example for an environment where this code leads to issues?