issue with verifying password
i tried to look at the docs and source code of the password provider and tried this action to validate the password but i am getting an error:
Uncaught ReferenceError: crypto is not defined
12 Replies
Is this action running in the Convex runtime? Or in Node? (does it have "use node" at the top of the file)
I think
Scrypt
should work in the Convex runtime, but not sure about Nodeoh thank you, that was the issue, now it works.
but another issue comes because it doesn't work as expected. the hash function creates a different secret than the one created on user signup and stored in the db so the verify call fails
and that's because the hash function creates a new secret every time it gets called, but then how can someone verify the password? and what's the verify function for
A hash should create the same hash with the same input. Different input, different hash
i logged this three times in a row consecutive to each other and all of them where different
literally even trying to hash an hardcoded string returns 4 different hashes
@h4nto I think the reason is the salting. Every hash gets a different salt. For you to get the same hash you would need to give all the same salt
but how can i customise the salting of the password in the password provider?
i searched in the docs and the source code but cannot find it
isn't that verify the same as this? i mean, there is no documentation or anything about that, but i found the source code using this so i suppose it's the right one
but doesnt seem to work correctly
it's using Scrypt from lucia
the first is what they use when creating an account or updating a password. the second one is what's supposed to be used to verify password
i'm using their code but doesn't seem to work