oidc-client-js icon indicating copy to clipboard operation
oidc-client-js copied to clipboard

Published 20 hours ago verified publisher icon IdentityModel

Bundle size

Open ghost opened this issue 6 years ago • 11 comments

Bundle size is an issue here, part of it should be due to jsrsasign. We can take a look at the approach you can read here:

https://github.com/damienbod/angular-auth-oidc-client/issues/26

ghost avatar Aug 01 '18 07:08 ghost

I've spent a lot of time trying to address this. If you have an idea, propose what changes you'd make and we can consider a PR.

brockallen avatar Aug 01 '18 12:08 brockallen

I think the important part is this: https://github.com/manfredsteyer/angular-oauth2-oidc/pull/356/files#diff-c69098b368427091af11df3f48046300L112

Instead of using jsrsasign they are using crypto and TextEncoder (probably the polyfill).

It would be very interesting if we can decrease the bundle size with this approach. I will see if I can fit in looking at it.

jballe avatar Aug 13 '18 09:08 jballe

I'm more than happy to use web crypto here. The main thing is you'd need to provide an IE-compat polyfill.

brockallen avatar Aug 13 '18 12:08 brockallen

Agree, it will be another required polyfill. Can it be handled similar to babel-polyfill that you will need to add a polyfill if support for IE<11 is needed, eg. webcrypto-shim ?

I don't know if it should be included in the ~/dist and ~/lib bundles. (I don't need support for IE<11 in my projects but I know that others will need it)

We will also need the polyfill for TextEncoder but it is still way smaller than jsrsasign with webcrypto-shim being 10.9KB and text-encoding-shim 2.4KB (both without gzipping)

jballe avatar Aug 13 '18 12:08 jballe

I'll leave you to work on a PR then :)

brockallen avatar Aug 13 '18 14:08 brockallen

I have a look at this at the end of the month -- I'm busy until then.

brockallen avatar Sep 14 '18 22:09 brockallen

Aside from the replacement of jsrsasign, I wonder if this library should specify "module": "index.js" in package.json so that ES6 imports are used (for those using a bundler which understands it)?

mweibel avatar Nov 12 '18 10:11 mweibel

Aside from the replacement of jsrsasign, I wonder if this library should specify "module": "index.js" in package.json so that ES6 imports are used (for those using a bundler which understands it)?

Yes, this will be done in the next major version (#578), as it will be a breaking change.

brockallen avatar Nov 12 '18 16:11 brockallen

FYI: The removal of jsrsasign from angular-oauth2-oidc has been reverted by @manfredsteyer shortly after the major release that contained it, because some problems popped up. Probably nothing insurmountable, but something to watch out for nonetheless.

jeroenheijmans avatar Feb 25 '19 17:02 jeroenheijmans

Any updates on this?

chriskolenko avatar Mar 26 '20 15:03 chriskolenko

Any updates on this?

No sponsors have stepped up to back the work to focus on such features, and I'm too busy doing doing paid work.

brockallen avatar Mar 26 '20 15:03 brockallen