TheJehy•5mo ago

Convex runtime does not support SecureRandom

I am trying to create tokens which I can use for auth. Docs say that crypto, CryptoKey, and SubtleCrypto are available. I think I'm only using those APIs, however... The following error is thrown from the dashboard when running my mutation.

[Request ID: a175daeb49a29da5] Server Error
Convex runtime does not support SecureRandom

[Request ID: a175daeb49a29da5] Server Error
Convex runtime does not support SecureRandom

crypto.subtle.importKey("jwk", keys.sig_private_key_doc, { name: 'ECDSA', namedCurve: 'P-256' }, false, ["sign"])

crypto.subtle.importKey("jwk", keys.sig_private_key_doc, { name: 'ECDSA', namedCurve: 'P-256' }, false, ["sign"])

I'm trying to debug this runtime issue. The full code of the mutation that's throwing the error is this:

const create_session = mutation({
    args: {},
    handler: async (ctx, args) => {
        const keys = (await ctx.db.query("auth").first())!
        const sig_private_key = crypto.subtle.importKey("jwk", keys.sig_private_key_doc, { name: 'ECDSA', namedCurve: 'P-256' }, false, ["sign"])

    },
})

const create_session = mutation({
    args: {},
    handler: async (ctx, args) => {
        const keys = (await ctx.db.query("auth").first())!
        const sig_private_key = crypto.subtle.importKey("jwk", keys.sig_private_key_doc, { name: 'ECDSA', namedCurve: 'P-256' }, false, ["sign"])

    },
})

What needs to change so I can do things like importKey, and verify JWTs without moving to actions?

2 Replies

lee•5mo ago

You caught the docs over-promising 🙃 . Convex doesn't support ECDSA because queries and mutations are deterministic. I think we'll implement these eventually but it takes some designing. In the meantime, is it possible to use a different algorithm for your jwt? People have had success with RSASSA-PKCS1-v1_5 for jwts, i believe

TheJehyOP•5mo ago

Oh okay 👍 Yeah I can try a different algorithm

Convex runtime does not support SecureRandom

Did you find this page helpful?