honojs/hono

DOMException while using hono/jwt module's sign

Opened this issue · 18 comments

What version of Hono are you using?

^4.2.3

What runtime/platform is your app running on?

Bun 1.0.3

What steps can reproduce the bug?

I am facing an issue using the hono/jwt module.

The below function is throwing an error

import { sign } from "hono/jwt";
import { SignatureKey } from "hono/utils/jwt/jws";
import { JWTPayload } from "hono/utils/jwt/types";

export async function signToken(payload: JWTPayload) {
  const jwtSecret: SignatureKey = Bun.env.JWT_SECRET!;
  const result = await sign(payload, jwtSecret, "ES256");
  return result;
}

The exception was

DOMException {
line: 24,
column: 41,
sourceURL: "/Users/hono/dist/utils/jwt/jws.js",
stack: "importKey@[native code]\n@/Users/hono/dist/utils/jwt/jws.js:24:41\nimportPrivateKey@/Users/hono/dist/utils/jwt/jws.js:12:33\n@/Users/hono/dist/utils/jwt/jws.js:2:77\nsigning@/Users/hono/dist/utils/jwt/jws.js:1:24\n@/Users/hono/dist/utils/jwt/jwt.js:20:153\nsign@/Users/hono/dist/utils/jwt/jwt.js:19:19\n@/Users/src/utils.ts:6:28\nsignToken@/Users/src/utils.ts:1:33\n@/Users/src/auth.ts:137:35",
code: 0,
name: "DataError",
message: "Data provided to an operation does not meet requirements",
INDEX_SIZE_ERR: 1,
DOMSTRING_SIZE_ERR: 2,
HIERARCHY_REQUEST_ERR: 3,
WRONG_DOCUMENT_ERR: 4,
INVALID_CHARACTER_ERR: 5,
NO_DATA_ALLOWED_ERR: 6,
NO_MODIFICATION_ALLOWED_ERR: 7,
NOT_FOUND_ERR: 8,
NOT_SUPPORTED_ERR: 9,
INUSE_ATTRIBUTE_ERR: 10,
INVALID_STATE_ERR: 11,
SYNTAX_ERR: 12,
INVALID_MODIFICATION_ERR: 13,
NAMESPACE_ERR: 14,
INVALID_ACCESS_ERR: 15,
VALIDATION_ERR: 16,
TYPE_MISMATCH_ERR: 17,
SECURITY_ERR: 18,
NETWORK_ERR: 19,
ABORT_ERR: 20,
URL_MISMATCH_ERR: 21,
QUOTA_EXCEEDED_ERR: 22,
TIMEOUT_ERR: 23,
INVALID_NODE_TYPE_ERR: 24,
DATA_CLONE_ERR: 25,
toString: [Function: toString],
}

I use the private key by storing it in a .env file.
.env file content
JWT_SECRET=-----BEGIN PRIVATE KEY-----\nMHcCAQEEIH9XDGr9tm4CkJKspu2C3MJnFIrO7APXgEIuEfCJLShYoAoGCCqGSM49\nAwEHoUQDQgAE2ppj/fspp3OMUS4htI5XrJ3wd4bteEEJYzy9XKnVqlqgxi8JO3/E\nv5dtPcgiiYBMZIpV7KFPDcqYn+3EdXNs4w==\n-----END PRIVATE KEY-----

What is the expected behavior?

I expect the function to sign the payload.

What do you see instead?

DOMException {
line: 24,
column: 41,
sourceURL: "/Users/hono/dist/utils/jwt/jws.js",
stack: "importKey@[native code]\n@/Users/hono/dist/utils/jwt/jws.js:24:41\nimportPrivateKey@/Users/hono/dist/utils/jwt/jws.js:12:33\n@/Users/hono/dist/utils/jwt/jws.js:2:77\nsigning@/Users/hono/dist/utils/jwt/jws.js:1:24\n@/Users/hono/dist/utils/jwt/jwt.js:20:153\nsign@/Users/hono/dist/utils/jwt/jwt.js:19:19\n@/Users/src/utils.ts:6:28\nsignToken@/Users/src/utils.ts:1:33\n@/Users/src/auth.ts:137:35",
code: 0,
name: "DataError",
message: "Data provided to an operation does not meet requirements",
INDEX_SIZE_ERR: 1,
DOMSTRING_SIZE_ERR: 2,
HIERARCHY_REQUEST_ERR: 3,
WRONG_DOCUMENT_ERR: 4,
INVALID_CHARACTER_ERR: 5,
NO_DATA_ALLOWED_ERR: 6,
NO_MODIFICATION_ALLOWED_ERR: 7,
NOT_FOUND_ERR: 8,
NOT_SUPPORTED_ERR: 9,
INUSE_ATTRIBUTE_ERR: 10,
INVALID_STATE_ERR: 11,
SYNTAX_ERR: 12,
INVALID_MODIFICATION_ERR: 13,
NAMESPACE_ERR: 14,
INVALID_ACCESS_ERR: 15,
VALIDATION_ERR: 16,
TYPE_MISMATCH_ERR: 17,
SECURITY_ERR: 18,
NETWORK_ERR: 19,
ABORT_ERR: 20,
URL_MISMATCH_ERR: 21,
QUOTA_EXCEEDED_ERR: 22,
TIMEOUT_ERR: 23,
INVALID_NODE_TYPE_ERR: 24,
DATA_CLONE_ERR: 25,
toString: [Function: toString],
}

Additional information

I am quite confused why this is happening. I tried asking ChatGPT and Claude; none seem to work so far. All of them are saying to check the format of the private key. But everything looks fine. Please help with this.

Thanks in advance.

Hi @yknevenky

You need to store your Key without \n inside your .env file. If you format it like this you should have no issues

JWT_SECRET="-----BEGIN PRIVATE KEY-----
MHcCAQEEIH9XDGr9tm4CkJKspu2C3MJnFIrO7APXgEIuEfCJLShYoAoGCCqGSM49
AwEHoUQDQgAE2ppj/fspp3OMUS4htI5XrJ3wd4bteEEJYzy9XKnVqlqgxi8JO3/E
v5dtPcgiiYBMZIpV7KFPDcqYn+3EdXNs4w==
-----END PRIVATE KEY-----"

Hi @NicoPlyley, Thanks for your response.

I tried that as well. Still it's throwing the same thing.

I tested in Bun and I had no issues with it, did you try exactly what I pasted?

Yes @NicoPlyley, this doesn't work. When I try this with the jsonwebtoken package, it works. I am getting the error only with hono/jwt.

My apologies @yknevenky you are correct, I had a different runtime running in the dev command. You are correct this is not working on Bun

So in Bun I am having an issue when using your RSA Key. When I use this one:

JWT_SECRET="-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2
OF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r
1RTwjmYSi9R/zpBnuQ4EiMnCqfMPWiZqB4QdbAd0E7oH50VpuZ1P087G
-----END PRIVATE KEY-----"

There is no issue for me

Thanks for the confirmation @NicoPlyley, and I didn't use RSA key, mine is EC256. And so you are saying that when you use a RSA in the bun, you don't face an issue. But when you are using the key that I provided, it's having an issue? If so could you please try the same with your own EC256 key?

Ignore my bad terminology. I use ssh keys on the daily and call everything an RSA. The key I gave was generated with a p-256 curve. I pulled it off jwt.io to confirm if the key was bad or if it was related to bun or hono

I have just tried generating my own key and have had no issues. Here is how I did it

openssl ecparam -genkey -name prime256v1 | openssl pkcs8 -topk8 -nocrypt -outform pem

Apparently the key needs to be in PKCS#8 format. The code above will generate an EC key with a p-256 curve and convert it into the proper format

I did the same @NicoPlyley . I used the same p-256 thing, not working out with hono/jwt module. I finally went with using jsonwebtoken. Hope the hono team addresses this bug.

I have had issues with the jsonwebtoken package in the past on Bun. I would consider Jose if you want to use an alternative

Oh no, but it's working well for me now. I think the issue is because the packages have to support various runtimes. And it seems like no one from the hono team has seen this issue. Do you know whom to tag here to increase the visibility of this bug?

Hi @yknevenky

Hmm. If the error only occurs on Bun, then it is a Bun problem. Hono supports any runtime but does not want to change behavior depending on the runtime.

I've done a bunch of testing yesterday and found which Keys are working in other runtimes but not in Bun @yusukebe I'm away right now, but I will post my results when I get back home in a few days

@NicoPlyley Thanks a lot!

> Hi @yknevenky
>
> Hmm. If the error only occurs on Bun, then it is a Bun problem. Hono supports any runtime but does not want to change behavior depending on the runtime.

Oh I have posted the same on Bun repo. Let's see. Thanks @yusukebe for your response.

> I've done a bunch of testing yesterday and found which Keys are working in other runtimes but not in Bun @yusukebe I'm away right now, but I will post my results when I get back home in a few days

If you share them here, I would include it in the issue that I have raised on Bun and mention you, if it's okay for you.

Sorry I was away for the week. I do believe it is a Bun issue like mentioned. I tested on CF Workers and Node and did not have any issues. If you want some more test information to add to your issue at Bun I can send it over but the key needs to be in PKCS#8 format for some reason.
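
Added example, not part of the thread and not Hono's code: since the discussion ends on the key needing to be PKCS#8, this check reads the leading ASN.1 elements of a PEM private key and reports which structure it actually carries and whether the PEM label agrees. The function names and result fields are hypothetical; the two samples are the header and first base64 line of the two keys posted above.

```javascript
// Added example (not from the thread, not Hono's code). Names are hypothetical.
// Reads one DER tag/length header at `off`; `next` is where the content starts.
function readHeader(der, off) {
  const tag = der[off];
  let len = der[off + 1];
  let next = off + 2;
  if (len & 0x80) {                    // long form: low 7 bits = count of length bytes
    const n = len & 0x7f;
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + der[next + i];
    next += n;
  }
  return { tag, len, next };
}

// Expected PEM label for each private-key structure.
const LABELS = { pkcs8: "PRIVATE KEY", sec1: "EC PRIVATE KEY", pkcs1: "RSA PRIVATE KEY" };

// Classifies the key by its leading ASN.1 elements only (not a full validator).
function classifyPrivateKeyPem(pem) {
  const text = pem.replace(/\\n/g, "\n");          // .env values may hold a literal "\n"
  const m = text.match(/-----BEGIN ([A-Z0-9 ]+)-----([^-]*)/);
  if (!m) return { label: null, structure: "not-pem", labelMatches: false };
  const der = Uint8Array.from(atob(m[2].replace(/\s+/g, "")), (c) => c.charCodeAt(0));
  const outer = readHeader(der, 0);                // outer SEQUENCE
  const version = readHeader(der, outer.next);     // version INTEGER
  let structure = "unknown";
  if (outer.tag === 0x30 && version.tag === 0x02) {
    const tag = der[version.next + version.len];   // element after the version
    if (tag === 0x30) structure = "pkcs8";         // AlgorithmIdentifier SEQUENCE
    else if (tag === 0x04) structure = "sec1";     // privateKey OCTET STRING
    else if (tag === 0x02) structure = "pkcs1";    // RSA modulus INTEGER
  }
  return { label: m[1], structure, labelMatches: LABELS[structure] === m[1] };
}

// Samples: header plus the first base64 line of the two keys posted in the thread;
// the remaining lines are omitted because only the leading bytes are inspected.
const issueKey = "-----BEGIN PRIVATE KEY-----\\nMHcCAQEEIH9XDGr9tm4CkJKspu2C3MJnFIrO7APXgEIuEfCJLShYoAoGCCqGSM49";
const replyKey = "-----BEGIN PRIVATE KEY-----\nMIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2";

console.log(classifyPrivateKeyPem(issueKey));
console.log(classifyPrivateKeyPem(replyKey));
```

On these samples the key from the issue reports `sec1` with a mismatched label, and the key from the reply reports `pkcs8`.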