An error occurred when calling registerPasskey

zkyeshuoer · September 6, 2024, 4:10pm

SDK Version:8.1.1
Platform: Web
Browser Console Screenshots:

Xnip2024-09-06_23-59-011614×596 110 KB
Verifier Name: jwks-jwt
JWKS Endpoint: https://the-wallet-protocol-poc-422ad9d857ec.herokuapp.com/jwks.json
Sample idToken (JWT): “eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Inh4eCJ9.eyJzdWIiOiIzZDE3ZTU5Yi0xOTBhLTRlMjAtOWNhMC0yMGI3MDkwYzc0YjIiLCJuYW1lIjoidGVzdDRAYWJjLmNvbSIsImVtYWlsIjoidGVzdDRAYWJjLmNvbSIsImlzcyI6InZhc3R3YWxsZXQiLCJpYXQiOjE3MjU2MzgwMjEsImV4cCI6MTcyNTY0MTYyMX0.ydWloH-IgaLBUSIpQr4vzhT0AFxiOi6RKLzxFN5gvi52X4DVC_AdVl-_ZGRYDiwf-MbyFK4mrm3YB5PiF-PKx7tJw_ht-_5TkHJ4-j_K516K7dd-CULctVV4IjDYdfKcdzPhoNusJpC-P0wZr_FaRM6dDR-KZ6r-_joyEUcAvmOK9zHyThNnZr8uOA9eCr8sgKi0_2CqkGNiTN8IXbFOKToE3tRE9fgwgu2XNE71EEjTmCfcAy_J32UG4DDwgXo-OAnotxYr0qQNDvguPldYz_ViG4u-168j7zDl6Zxbibii2h81ErW_aw0Mvoa315GrAxOyDrWSm7uKn93a76-0bw”

I am using Custom JWT Verifier and Passkeys Plugin. After clicking the signup button, I successfully logged in. Then, when I click register passkey, the browser pops up a passkey window. After completing the setup, this error appears: User verification required, but user could not be verified."

here is the front end page

// page.tsx
const passkeysPlugin = new PasskeysPlugin({
  rpID: "localhost",
  rpName: "localhosttest",
});

const chainConfig = {
  chainId: "0xaa36a7",
  displayName: "Sepolia Testnet ETH",
  chainNamespace: CHAIN_NAMESPACES.EIP155,
  tickerName: "Sepolia Testnet ETH",
  ticker: "ETH",
  decimals: 18,
  rpcTarget: "https://rpc.ankr.com/eth_sepolia",
  blockExplorerUrl: "https://sepolia.etherscan.io",
};

const privateKeyProvider = new EthereumPrivateKeyProvider({
  config: { chainConfig },
});

// Initialising Web3Auth Single Factor Auth SDK
const web3authSfa = new Web3Auth({
  clientId, // Get your Client ID from Web3Auth Dashboard
  web3AuthNetwork: WEB3AUTH_NETWORK.SAPPHIRE_DEVNET, // ["cyan", "testnet"]
  usePnPKey: false, // Setting this to true returns the same key as PnP Web SDK, By default, this SDK returns CoreKitKey.
  privateKeyProvider,
});

web3authSfa.addPlugin(passkeysPlugin);

function App() {
  const [isLoggingIn, setIsLoggingIn] = useState(false);
  const [isLoggedIn, setIsLoggedIn] = useState(false);
  const [email, setEmail] = useState('test2@abc.com');
  
  useEffect(() => {
    const init = async () => {
      try {
        web3authSfa.init();
        log('init')
      } catch (error) {
        console.error(error);
      }
    };

    init();
  }, []);

  const getIdToken = async () => {
    // Get ID Token from server
    const res = await fetch("http://localhost:5001/api/token", {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
      },
      body: JSON.stringify({ email })
    });
    const data = await res.json();
    return data?.token;
  };

  const signUp = async () => {
    setIsLoggingIn(true);
    const idTokenResult = await getIdToken();

    const { payload } = decodeToken(idTokenResult);
    log('payload', payload)
    const provider = await web3authSfa?.connect({
      verifier,
      verifierId: (payload as any).email,
      idToken: idTokenResult,
    });
    log('provider', provider)
    setIsLoggingIn(false);
    setIsLoggedIn(true);
  }

  async function registerPasskey() {
    try {
      log('email', email)
      const res = await passkeysPlugin.registerPasskey({
        username: email,
      });
      console.log("Passkey registered successfully", res);
    } catch (error) {
      console.error("Error registering passkey:", error);
    }
  }

  async function loginWithPasskey() {
    try {
      const user = await passkeysPlugin.loginWithPasskey({
        // authenticatorId: authenticatorId,
      });
      console.log("User logged in successfully:", user);
    } catch (error) {
      console.error("Error logging in with passkey:", error);
    }
  }

  const loginView = (
    <div>
      login
      <Button onClick={registerPasskey}>register passkey</Button>
      <Button onClick={loginWithPasskey}>login with passkey</Button>
    </div>
  )

  const logoutView = (
    <div className="bg-red-200 w-1/2 mx-auto">
      <Input
        value={email}
        onChange={(e) => setEmail(e.target.value)}
      />
      <Button onClick={signUp}>sign up</Button>
    </div>
  )

  return (
    <div className="">
      {isLoggingIn ? <LogoLoading /> : <div className="">{web3authSfa ? (isLoggedIn ? loginView : logoutView) : null}</div>}
    </div>
  );
}

here is the token generation api

.post('/api/token', (req: any, res: any) => {
    const email = req.body.email
    console.log('email', email)

    const privateKeyBase64 = process.env.PRIVATE_KEY_BASE64!
    const privateKey = Buffer.from(privateKeyBase64, 'base64').toString('ascii')
    const token = jwt.sign(
      {
			  sub: uuidv4(), // must be unique to each user
			  name: email,
			  email: email,
			  // aud: "urn:my-resource-server", // -> to be used in Custom Authentication as JWT Field
			  iss: "vastwallet", // -> to be used in Custom Authentication as JWT Field
			  iat: Math.floor(Date.now() / 1000),
			  exp: Math.floor(Date.now() / 1000) + 60 * 60,
			},
			privateKey,
			{ algorithm: "RS256", keyid: "xxx" } // <-- This has to be present in the JWKS endpoint.
		);
    res.status(200).json({ token });

w3abot · September 6, 2024, 4:11pm

Hi Kun,

Thanks for reaching out regarding the issue you’re facing with registering a passkey. Based on the details you’ve provided, it looks like you are experiencing a “User verification required, but user could not be verified” error when calling registerPasskey after logging in successfully.

You’ve already provided most of the necessary details which is great! To help the support team understand and resolve your issue better, here’s a summary of the provided details:

SDK Details:

SDK Type: Single Factor Auth Web SDK
SDK Version: 8.1.1
Platform: Web

Error Description:

Error Message: “User verification required, but user could not be verified.”

Provided Information:

Verifier Name: jwks-jwt
JWKS Endpoint: https://the-wallet-protocol-poc-422ad9d857ec.herokuapp.com/jwks.json
Sample idToken (JWT): "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Inh4eCJ9.eyJzdWIiOiIzZDE3ZTU5Yi0xOTBhLTRlMjAtOWNhMC0yMGI3MDkwYzc0YjIiLCJuYW1lIjoidGVzdDRAYWJjLmNvbSIsImVtYWlsIjoidGVzdDRAYWJjLmNvbSIsImlzcyI6InZhc3R3YWxsZXQiLCJpYXQiOjE3MjU2MzgwMjEsImV4cCI6MTcyNTY0MTYyMX0.ydWloH-IgaLBUSIpQr4vzhT0AFxiOi6RKLzxFN5gvi52X4DVC_AdVl-_ZGRYDiwf-MbyFK4mrm3YB5PiF-PKx7tJw_ht-_5TkHJ4-j_K516K7dd-CULctVV4IjDYdfKcdzPhoNusJpC-P0wZr_FaRM6dDR-KZ6r-_joyEUcAvmOK9zHyThNnZr8uOA9eCr8sgKi0_2CqkGNiTN8IXbFOKToE3tRE9fgwgu2XNE71EEjTmCfcAy_J32UG4DDwgXo-OAnotxYr0qQNDvguPldYz_ViG4u-168j7zDl6Zxbibii2h81ErW_aw0Mvoa315GrAxOyDrWSm7uKn93a76-0bw"

Frontend Code: Provided including initialization of Web3Auth and PasskeysPlugin along with signup and registerPasskey functionalities.

Browser Console Screenshot:

Error Screenshot1614×596 110 KB

Given the error message, here are a few initial things to verify:

Passkeys Configuration: Ensure that the rpID matches the domain you’re working on. Since you mentioned localhost, try setting rpID: "localhost" only for development.
User Verification Requirement: Confirm that the user device supports the required level of biometric verification or hardware security key.
Credential Setup Validity: Ensure that the PublicKeyCredential is properly created and stored.

While waiting for the support team to take a closer look, you might want to check these aspects and share any additional findings.

This response was generated by the Web3Auth Bot and a person from the Web3Auth team will come and give answer to your query as well.

maharshi · September 7, 2024, 12:09am

Hey @zkyeshuoer
On what kind of device are you trying to register the passkey? Does it have biometric verification turned on in your settings?

zkyeshuoer · September 7, 2024, 2:29am

I use iCloud Keychain and input a password to continue. The login method of passkeys is available on other websites.

maharshi · September 10, 2024, 7:40am

Hello @zkyeshuoer
We need an biometric verification to make our passkeys work. So you might have to turn on the Touch id or use a touch id enabled device to use this feature.

leoniemeeyr · September 17, 2024, 1:59pm

Hi @zkyeshuoer ,

Ensure the rpID is set to “localhost” for development, and verify that the user’s device supports the required biometric or hardware security key. Also, check if the PublicKeyCredential is properly created and stored…