Call rate limit exhausted

dmytro1 · January 29, 2025, 10:15pm

Hi. I’m building my react native app using web3auth (growth plan). Initially I’ve implemented it using ‘@web3auth/react-native-sdk’ and it worked fine, however, since we are using custom jwt verifier with internal MFA, we decided not to use nomodal scenario (because of user experience and redirection) and try to use single factor sdk. However, on some devices it works fine, but on others, like mine, I constantly receive call rate limit exhausted no matter how long it passes between the calls. Looks like it is blocked on my whole home network.

SDK Version:
“@web3auth/single-factor-auth”: “^9.3.0”,
“@web3auth/base”: “^9.5.3”,
“react-native”: “0.74.5”,
Platform: React Native, MacOS
Browser Console Screenshots:
If the issue is related to Custom Authentication, please include the following information (optional):
- Verifier Name: web3auth-rentinvesto-test-jwt

Also, kindly provide the Web3Auth initialization and login code snippet below. This will help us better understand your issue and provide you with the necessary assistance.

import * as SecureStore from 'expo-secure-store';
import { Web3Auth, SDK_MODE, decodeToken } from '@web3auth/single-factor-auth';
import { useEffect, useState } from 'react';
import { EXPO_PUBLIC_WEB3AUTH_CLIENT_ID, EXPO_PUBLIC_WEB3AUTH_VERIFIER } from '@env';
import '@ethersproject/shims';
import { CHAIN_NAMESPACES } from '@web3auth/base';
import { EthereumPrivateKeyProvider } from '@web3auth/ethereum-provider';

const clientId: string = EXPO_PUBLIC_WEB3AUTH_CLIENT_ID as string;
const verifier: string = EXPO_PUBLIC_WEB3AUTH_VERIFIER as string;

const chainConfig = {
  chainId: '0x89',
  displayName: 'Polygon Mainnet',
  chainNamespace: CHAIN_NAMESPACES.EIP155,
  tickerName: 'Polygon',
  ticker: 'POL',
  decimals: 18,
  rpcTarget: 'https://polygon-rpc.com',
  blockExplorerUrl: 'https://polygonscan.com',
  logo: 'https://cryptologos.cc/logos/polygon-matic-logo.png',
};

const privateKeyProvider = new EthereumPrivateKeyProvider({
  config: { chainConfig },
});

const web3auth = new Web3Auth({
  clientId,
  web3AuthNetwork: 'sapphire_mainnet',
  privateKeyProvider,
  storage: SecureStore,
  mode: SDK_MODE.REACT_NATIVE,
  enableLogging: true,
  usePnPKey: true,
  sessionTime: 7 * 86400,
});

export const useWeb3Auth = () => {
  const [web3LoggedIn, setWeb3LoggedIn] = useState<boolean>(false);
  const [error, setError] = useState<string | null>(null);

  useEffect(() => {
    const initializeWeb3Auth = async () => {
      try {
        await web3auth.init();
      } catch (e: unknown) {
        console.error('Web3Auth initialization failed:', (e as Error)?.message);
        console.error((e as Error)?.stack);
      }
    };

    initializeWeb3Auth();
  }, []);

  const handleWeb3AuthLogout = async (): Promise<void> => {
    try {
      setWeb3LoggedIn(false);
      if (web3auth.connected) {
        await web3auth.logout();
      }
    } catch (e: unknown) {
      if (e instanceof Error) {
        console.error('Web3Auth logout failed:', e.message);
        setError(e.message);
      } else {
        console.error('Unknown error during logout:', e);
        setError('Unknown error during logout');
      }
    }
  };

  const handleWeb3AuthLogin = async (token: string): Promise<void> => {
    try {
      if (web3auth.status !== 'ready') {
        throw new Error('Web3Auth is not initialized');
      }

      const parsedToken = decodeToken<{ sub: string }>(token);
      
      if (!parsedToken.payload?.sub) {
        throw new Error('Invalid token: missing sub claim');
      }

      const verifierId = parsedToken.payload.sub;
      await web3auth.connect({
        verifier,
        verifierId,
        idToken: token,
      });

      if (!web3auth.connected || !web3auth.state.privKey) {
        throw new Error('Failed to obtain private key after connection');
      }

      setWeb3LoggedIn(true);
      setError(null);
    } catch (e: unknown) {
      let errorMessage = 'Web3Auth login failed';
      if (e instanceof Error) {
        errorMessage = e.message;
      }
      console.error('Web3Auth login failed:', errorMessage);
      setError(errorMessage);
      throw new Error(errorMessage);
    }
  };

  return { web3LoggedIn, handleWeb3AuthLogin, handleWeb3AuthLogout, error };
};

is it possible to solve the issue with blocked ip and what is exactly the rate limit?

Other question - is it a good idea to use single factor sdk or rather use tkey?

w3abot · January 29, 2025, 10:17pm

Hello Dmytro,

Thanks for reaching out! I see you’re experiencing a “call rate limit exhausted” issue with the Single Factor Auth Web SDK in your React Native app. This can be tricky, especially since it’s affecting some devices but not others.

To Address the Current Issue:

Rate Limiting: This typically occurs when too many requests are sent in a short period from the same IP. It seems like your home network might be hitting this limit. You can:
- Check your network for other apps or devices causing high traffic.
- Try resetting your router or use a different network to see if it alleviates the problem.
- Ensure that the SDK calls are not being made in a loop or unnecessarily.
Potential Solution: If the issue persists, it might be beneficial to use a proxy server or a different network to prevent IP blocking.
Understanding Rate Limits: Generally, rate limits are in place to prevent abuse and ensure fair access. Exact limits might not be publicly detailed, but you can reach out to Web3Auth support to inquire about specific limits on your plan.

On Single Factor SDK vs. tKey:

Single Factor SDK: This is a quicker setup focusing on simplifying user experience without needing multiple authentication factors.
tKey (Threshold Key): Provides a more secure setup through distributed key management. If your application requires higher security and you’re comfortable with potential additional complexity in implementation, it might be worth considering.

Based on your need for user experience without redirection, the Single Factor SDK seems suitable as long as rate-limiting isn’t affecting your broad user base. Should security needs increase, tKey might be a viable consideration.

Lastly, your code snippets look well-structured! If you need further assistance, feel free to provide any more details or questions you might have.

Hope this helps, and have a great day!

Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.

dmytro1 · January 29, 2025, 10:20pm

thanks.looks like my ip is constantly blocked and I’m looking for help to unblock it

yashovardhan · February 3, 2025, 11:06am

Hi @dmytro1,

Just checking in to see if you’re still having this issue. This usually happens when you’re logging in too often. Can you check if there’s a recursive call? If not, please let us know your IP address and we’ll take a look.