libsodium 0.7.9+ makes this library unstable #6

Open
tvquizphd opened this issue Sep 19, 2022 · 3 comments

@tvquizphd
Contributor

Observed error

When using libsodium 0.7.9 or 0.7.10, the client-side Authentication fails at this line with this message:

client_authenticated_2 false user_id

Curiously, this error only occurs about 9 of every 10 test runs.

Expectation

The tests should pass with minor version updates to libsodium.

The path forward

Clues to the origin of the error may be buried in the libsodium 0.7.9 release logs.

My Workaround

In packages that use opaque, I specify a manual override to pin libsodium to 0.7.8, which works.

  "pnpm": {
    "overrides": {
      "libsodium-wrappers-sumo": "0.7.8"
    }
  }

The tests always pass as expected with libsodium 0.7.8.

@AverageHelper
Contributor

I've made a fork and a PR at #7 that may address this issue by pinning the libsodium version to 0.7.6. I haven't dug into the differences in the versions since that one yet, so if we should pin to a later version for some actual enhancement, I probably should do that in my fork.

Any additional eyes on the problem would be very helpful!

@tvquizphd
Contributor Author

In PR #8, I've pinned libsodium to 0.7.8. I'm not a maintainer, but I'm interested in your TypeScript port as well!

@wyatt-howe
Member

There is a (mostly unknown) bug in older versions of libsodium.js that relates to point normalization (and possibly other things). I have meant to find a backwards compatible workaround for a while, but I agree it is best to pin the version in the meantime. Thanks for tracking down the specific problematic versions.
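
An added example, not code from this repository or its maintainers: a check that the pnpm override from the workaround in this thread is an exact pin, since a range such as `^0.7.8` still admits the 0.7.9 and 0.7.10 releases reported as failing here. The function names and the sample manifests are constructed, and only plain `x.y.z`, `^x.y.z` and `~x.y.z` specs are interpreted.

```javascript
// Added example: audit a package.json for the libsodium pin discussed in this issue.
// PKG and KNOWN_BAD come from the issue; all function names are hypothetical.
const PKG = "libsodium-wrappers-sumo";
const KNOWN_BAD = ["0.7.9", "0.7.10"]; // versions the issue reports as failing

const parse = (v) => v.split(".").map(Number);
// Numeric comparison, so "0.7.10" sorts after "0.7.8" (a string compare would not).
function cmp(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Does an exact, caret or tilde spec admit `version`?
function admits(spec, version) {
  const m = /^([\^~]?)(\d+\.\d+\.\d+)$/.exec(spec.trim());
  if (!m) return true; // unrecognized range syntax: assume it may admit anything
  const [, op, base] = m;
  if (op === "") return cmp(version, base) === 0;
  const [maj, min, pat] = parse(base);
  let upper; // exclusive upper bound of the range
  if (op === "~") upper = `${maj}.${min + 1}.0`;
  else if (maj > 0) upper = `${maj + 1}.0.0`;
  else if (min > 0) upper = `0.${min + 1}.0`; // caret on 0.x floats the patch only
  else upper = `0.0.${pat + 1}`;
  return cmp(version, base) >= 0 && cmp(version, upper) < 0;
}

// Returns a list of findings; an empty list means the pin holds.
function auditPin(manifestText, installedVersion) {
  const spec = JSON.parse(manifestText).pnpm?.overrides?.[PKG];
  const findings = [];
  if (spec === undefined) findings.push(`no pnpm override for ${PKG}`);
  else for (const bad of KNOWN_BAD) {
    if (admits(spec, bad)) findings.push(`override "${spec}" admits ${bad}`);
  }
  if (KNOWN_BAD.includes(installedVersion)) {
    findings.push(`installed ${installedVersion} is a reported-bad version`);
  }
  return findings;
}

// Constructed manifests: the exact pin from the workaround, and a caret range.
const EXACT = `{"pnpm":{"overrides":{"${PKG}":"0.7.8"}}}`;
const CARET = `{"pnpm":{"overrides":{"${PKG}":"^0.7.8"}}}`;
console.log(auditPin(EXACT, "0.7.8"));
console.log(auditPin(CARET, "0.7.10"));
```

In CI, the installed version would be read from `node_modules/libsodium-wrappers-sumo/package.json` and a non-empty findings list would fail the build.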
