
Return more friendly error message in SDK if HTTPS/secure contexts is not in use

Open fungc-io opened this issue 2 years ago • 3 comments

Problem

The SDK uses a browser API SubtleCrypto: digest() that requires HTTPS.
If HTTPS cannot be enabled in the environment,
"secure contexts" can be used - see MDN doc, i.e. 127.0.0.1, localhost or *.localhost

If HTTP is used with the SDK, developers will encounter errors in their browser and cannot initialize authentication.

Our SDKs now do not handle this specific error and a raw error from the browser is shown, which makes it very difficult for the developers to understand what happened and how to solve the issue.

Solution

Detect this error and throw a better error message, and point to an article about this issue in our doc.

The error message should be like

window.crypto.subtle is only available in secure contexts (HTTPS). For details, please visit [link to our doc]


and then in our doc page, we tell the user the actionable (use HTTPS, or localhost), with some reference to MDN https://developer.mozilla.org/en-US/docs/Web/API/Crypto/subtle and https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts

fungc-io, Apr 24 '24 08:04

@pius can you plan a doc article for this issue?

The developer is now seeing TypeError: Cannot read properties of undefined (reading 'digest') if they use HTTP with the SDK. We want to fix it by throwing a more friendly error message, which will lead them to documentation explaining the actionables.

fungc-io, Apr 24 '24 08:04

Ok. Got that.

buildbro, Apr 24 '24 08:04
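
The guard requested in the issue and in the follow-up comment, as an added example (not code from the Authgear SDK): check for SubtleCrypto before calling digest() so that an HTTP origin gets the proposed message instead of the raw TypeError. The names requireSubtleCrypto, InsecureContextError, sha256 and the env parameter are hypothetical, and the doc link is kept as the issue's placeholder.

```javascript
// Placeholder kept from the issue text; the real doc URL is not given on the page.
const DOC_URL = "[link to our doc]";

// Hypothetical error type so callers can tell "served over HTTP" apart
// from other failures and show the actionable hint.
class InsecureContextError extends Error {
  constructor(origin) {
    super(
      "window.crypto.subtle is only available in secure contexts (HTTPS). " +
        `For details, please visit ${DOC_URL}`
    );
    this.name = "InsecureContextError";
    this.origin = origin; // e.g. "http://192.168.1.10:3000"; may be undefined
  }
}

// Returns the SubtleCrypto object or throws a descriptive error.
// `env` defaults to the browser global and is injectable for testing.
function requireSubtleCrypto(env = globalThis) {
  // On an insecure origin `crypto` still exists (getRandomValues works),
  // but `crypto.subtle` is undefined. Calling `.digest` on it is what
  // produces "Cannot read properties of undefined (reading 'digest')".
  const subtle = env.crypto && env.crypto.subtle;
  if (subtle && typeof subtle.digest === "function") {
    return subtle;
  }
  // isSecureContext is false on plain HTTP origins other than
  // 127.0.0.1, localhost and *.localhost.
  if (env.isSecureContext === false) {
    throw new InsecureContextError(env.location && env.location.origin);
  }
  // Secure (or unknown) context without Web Crypto: a different problem,
  // so do not send the developer to the HTTPS article.
  throw new Error("Web Crypto (crypto.subtle) is not supported in this environment");
}

// The guarded form of the call the SDK makes: SHA-256 of a byte array.
async function sha256(bytes, env = globalThis) {
  const subtle = requireSubtleCrypto(env);
  return new Uint8Array(await subtle.digest("SHA-256", bytes));
}
```

Running the check once at SDK initialization, rather than at the first digest() call, surfaces the message before any authentication flow starts.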