403 with Node Single Factor Auth

I have a node.js app that doesn’t have a domain configured as it just runs background tasks. One of the background tasks involves making requests to web3auth to fetch private keys for signing transactions. Up until today things were working fine, and then suddenly all requests started getting rejected by web3auth with a 403 Forbidden error. I suspect that this is because the domain is not in the whitelist? However, this deployment instance doesn’t have a domain, since it’s just a node process running background tasks. It does have an IP address; however, web3auth does not allow adding IP addresses to the whitelist.

Would love some assistance with a solution for this.

These are the package versions I’m using:

	"@web3auth/auth": "^9.5.3",
	"@web3auth/base": "^9.4.5",
	"@web3auth/base-provider": "^9.4.5",
	"@web3auth/node-sdk": "^4.1.0",
	"@web3auth/single-factor-auth": "^9.3.0",
	"@web3auth/solana-provider": "^9.4.5",
  • Platform: Node.js

Here’s my init and login flow

import { CHAIN_NAMESPACES } from '@web3auth/base'
import { SDK_MODE, Web3Auth } from '@web3auth/single-factor-auth'
import { SolanaPrivateKeyProvider } from '@web3auth/solana-provider'
import crypto from 'crypto'
import * as jose from 'jose'
import { v4 } from 'uuid'

export const connnectUser = async (userId: string) => {
	const privateKeyProvider = new SolanaPrivateKeyProvider({
		config: {
			chainConfig: {
				chainNamespace: CHAIN_NAMESPACES.SOLANA,
				chainId: '0x1',
				rpcTarget: 'https://rpc.ankr.com/solana',
				displayName: 'Solana Mainnet',
				blockExplorerUrl: 'https://explorer.solana.com',
				ticker: 'SOL',
				tickerName: 'Solana',
				logo: 'https://images.toruswallet.io/solana.svg',
			},
		},
	})

	const web3auth = new Web3Auth({
		clientId: process.env.WEB3_AUTH_CLIENT_ID, // get from https://dashboard.web3auth.io
		web3AuthNetwork: process.env.WEB3_AUTH_NETWORK,
		privateKeyProvider,
		usePnPKey: false,
		mode: SDK_MODE.NODE,
	})

	await web3auth.init()

	const signingKey = crypto.createPrivateKey({
		key: process.env.WEB3_AUTH_KEY as string,
		format: 'pem',
		type: 'pkcs1',
	})

	const signedJwt = await new jose.SignJWT({ sub: userId, salt: v4() })
		.setProtectedHeader({
			alg: 'RS256',
			kid: process.env.WEB3_AUTH_VERIFIER_KEY_ID,
		})
		.setIssuedAt()
		.setIssuer('VerifierIssuerName')
		.setExpirationTime('5m')
		.sign(signingKey)

	await web3auth.connect({
		verifier: 'verifier-name',
		verifierId: userId,
		idToken: signedJwt,
	})
}

Hi David! Thank you for providing all the relevant details about your issue with the Web3Auth SDK. Here’s a summary of your information that will help the support team address the 403 Forbidden error you’re experiencing:


SDK Details:

  • SDK: Single Factor Auth Web SDK
  • SDK Versions:
    • @web3auth/auth: ^9.5.3
    • @web3auth/base: ^9.4.5
    • @web3auth/base-provider: ^9.4.5
    • @web3auth/node-sdk: ^4.1.0
    • @web3auth/single-factor-auth: ^9.3.0
    • @web3auth/solana-provider: ^9.4.5

Platform:

  • Node.js

Issue:

  • Error: 403 Forbidden
  • Description: The requests to Web3Auth for fetching private keys are being rejected. You suspect this might be related to your app not having a domain whitelisted as it’s running as a Node.js process.

Initialization & Login Code Snippet:

import { CHAIN_NAMESPACES } from '@web3auth/base';
import { SDK_MODE, Web3Auth } from '@web3auth/single-factor-auth';
import { SolanaPrivateKeyProvider } from '@web3auth/solana-provider';
import crypto from 'crypto';
import * as jose from 'jose';
import { v4 } from 'uuid';

export const connnectUser = async (userId: string) => {
    //... (rest of your code)
}

Notes:

  • You are running a background Node.js task without a configured domain, but you have an IP address.
  • You mentioned Web3Auth does not allow adding IP addresses to the whitelist.

Possible Next Steps/Suggestions:

  • Confirm that you are using the correct client ID and network in your configuration.
  • If the problem persists, consider reaching out to the Web3Auth support team to discuss potential solutions for your server setup, possibly exploring alternatives for background tasks that may not rely on domain whitelisting.

Feel free to follow up if you have any more details or questions! Your input is valuable, and I hope the support team can assist you effectively!

Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.

Please verify that the client ID, network parameter and verifier are all under the same project on the developer dashboard. We return 403 for incorrect configuration as well.
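The reply above says a 403 is also returned for incorrect configuration. As an added example (not code from the thread or from the Web3Auth SDK), this local pre-flight check compares the values the posted flow passes to `connect()` with the values expected from the dashboard project and with the claims inside the signed JWT, so obvious mismatches are caught before any request is sent. The function names, the config object shape and the network list are assumptions; the check does not verify the signature and cannot confirm what is configured on the dashboard.

```javascript
// Added example: local sanity check, not part of the Web3Auth SDK.
// Assumption: identifiers accepted by the SDK's web3AuthNetwork option.
const KNOWN_NETWORKS = ['sapphire_mainnet', 'sapphire_devnet', 'mainnet', 'testnet', 'cyan', 'aqua'];

// Decode one base64url JWT segment into an object (no signature verification).
const b64urlJson = (seg) =>
  JSON.parse(Buffer.from(seg.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8'));

// cfg: values expected from the dashboard project; login: the arguments for connect().
// Returns a list of problems; an empty list means nothing obvious is wrong locally.
function preflight(cfg, login, nowSec = Math.floor(Date.now() / 1000)) {
  const problems = [];
  for (const k of ['clientId', 'network', 'verifier', 'keyId', 'issuer']) {
    const v = cfg[k];
    if (typeof v !== 'string' || v === '' || v !== v.trim())
      problems.push(`config ${k} is unset or has stray whitespace`);
  }
  if (typeof cfg.network === 'string' && !KNOWN_NETWORKS.includes(cfg.network.trim()))
    problems.push(`network "${cfg.network}" is not a known identifier`);
  if (login.verifier !== cfg.verifier)
    problems.push('connect() verifier differs from the configured verifier');

  const parts = String(login.idToken).split('.');
  if (parts.length !== 3) return problems.concat('idToken is not a three-part JWT');
  let header, claims;
  try {
    header = b64urlJson(parts[0]);
    claims = b64urlJson(parts[1]);
  } catch (e) {
    return problems.concat('idToken header or payload is not base64url JSON');
  }
  if (header.alg !== 'RS256') problems.push(`unexpected alg ${header.alg}`);
  if (header.kid !== cfg.keyId) problems.push('JWT kid differs from the configured key id');
  if (claims.iss !== cfg.issuer) problems.push('JWT iss differs from the configured issuer');
  // Assumes the verifier uses `sub` as its ID field, as the posted flow implies.
  if (claims.sub !== login.verifierId) problems.push('JWT sub differs from verifierId');
  if (!(claims.exp > nowSec)) problems.push('JWT is expired or has no exp');
  if (!(claims.iat <= nowSec + 60)) problems.push('JWT iat is in the future (clock skew?)');
  return problems;
}

// Constructed sample token for trying the check (placeholder signature, never sent anywhere).
const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sampleToken = (header, claims) => `${enc(header)}.${enc(claims)}.c2ln`;
```

Run it on the same values passed to `new Web3Auth(...)` and `web3auth.connect(...)`; if it returns an empty list and the 403 persists, the remaining candidates are the dashboard-side pairings the reply lists.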