Problem
The seeded onboarding pages (signin.html, welcome.html, account.html) import solid-oidc@0.0.8, which needs crypto.randomUUID (Chromium 92+, secure-context) and crypto.subtle (PKCE SHA-256 + DPoP). On de-Googled Android phones the Android System WebView is often stale (it updates via the Play Store, which isn't installed), so crypto.randomUUID is missing — and sign-in dies at the welcome → sign-in step with a cryptic:
crypto.randomUUID is not a function
This blocks the Solid-Pod-on-a-de-Googled-phone path (the whole point of the Android build).
Repro
De-Googled phone → jspod pod → welcome → "sign in" → crash (no useful message).
Fix (page-level, quick)
Polyfill crypto.randomUUID via crypto.getRandomValues (broadly supported, not secure-context-gated) before the solid-oidc module import, in all three onboarding pages. (signin.html already patched locally:)
<script>
if (typeof crypto !== 'undefined' && crypto.getRandomValues && !crypto.randomUUID) {
crypto.randomUUID = function () {
var b = crypto.getRandomValues(new Uint8Array(16));
b[6] = (b[6] & 0x0f) | 0x40; b[8] = (b[8] & 0x3f) | 0x80;
var h = []; for (var i = 0; i < 16; i++) h.push((b[i] + 0x100).toString(16).slice(1));
return h[0]+h[1]+h[2]+h[3]+'-'+h[4]+h[5]+'-'+h[6]+h[7]+'-'+h[8]+h[9]+'-'+h[10]+h[11]+h[12]+h[13]+h[14]+h[15];
};
}
</script>Add the same to welcome.html (restores session on load → can call randomUUID) and account.html.
Caveat
This fixes only randomUUID. solid-oidc also needs crypto.subtle for PKCE/DPoP, which old WebViews / non-secure contexts lack and which can't be cheaply polyfilled (DPoP = real ECDSA key-gen/sign). So if subtle is also missing, sign-in still fails — the durable fix there is a modern browser. (subtle is the older API, so on a localhost secure context it's usually present and the polyfill is enough.)
Deployment
These pages are seeded to the Android pod from jspod@${JSPOD_PAGES_VERSION} via jsDelivr (overwrite=true), so the fix reaches devices via: republish jspod → bump JSPOD_PAGES_VERSION in js-pod/android → rebuild APK (re-seeds the patched pages on next launch).
Also (device-level)
Ship/keep a modern browser in the de-Googled phone image — the real fix for the crypto.subtle requirement.
Related
Problem
The seeded onboarding pages (
signin.html,welcome.html,account.html) importsolid-oidc@0.0.8, which needscrypto.randomUUID(Chromium 92+, secure-context) andcrypto.subtle(PKCE SHA-256 + DPoP). On de-Googled Android phones the Android System WebView is often stale (it updates via the Play Store, which isn't installed), socrypto.randomUUIDis missing — and sign-in dies at the welcome → sign-in step with a cryptic:This blocks the Solid-Pod-on-a-de-Googled-phone path (the whole point of the Android build).
Repro
De-Googled phone → jspod pod → welcome → "sign in" → crash (no useful message).
Fix (page-level, quick)
Polyfill
crypto.randomUUIDviacrypto.getRandomValues(broadly supported, not secure-context-gated) before the solid-oidc module import, in all three onboarding pages. (signin.htmlalready patched locally:)Add the same to
welcome.html(restores session on load → can callrandomUUID) andaccount.html.Caveat
This fixes only
randomUUID. solid-oidc also needscrypto.subtlefor PKCE/DPoP, which old WebViews / non-secure contexts lack and which can't be cheaply polyfilled (DPoP = real ECDSA key-gen/sign). So ifsubtleis also missing, sign-in still fails — the durable fix there is a modern browser. (subtleis the older API, so on alocalhostsecure context it's usually present and the polyfill is enough.)Deployment
These pages are seeded to the Android pod from
jspod@${JSPOD_PAGES_VERSION}via jsDelivr (overwrite=true), so the fix reaches devices via: republish jspod → bumpJSPOD_PAGES_VERSIONin js-pod/android → rebuild APK (re-seeds the patched pages on next launch).Also (device-level)
Ship/keep a modern browser in the de-Googled phone image — the real fix for the
crypto.subtlerequirement.Related
JavaScriptSolidServer/solid-oidcdocs: slim README to 89 lines, hero block above the fold #10 — upstream graceful degradation (polyfill + clear error in the lib itself).js-pod/android— the device/WebView side.