Cannot login with custom jwt

denisa.halmaghi · April 10, 2023, 9:58am

Hello! I’m having trouble with the custom JWT authentication. I’m currently trying to integrate web3auth with keycloak. I followed the points in the documentation but it does not seem to work.

SDK Version:
“@web3auth/base”: “^5.1.0”,
“@web3auth/metamask-adapter”: “^5.1.0”,
“@web3auth/no-modal”: “^5.1.0”,
“@web3auth/openlogin-adapter”: “^5.1.1”
Platform:
macOS 13.2.1
Node 18.12.1
Vue ^3.2.38
Browser Console Screenshots:

Screenshot 2023-04-10 at 12.28.011177×730 183 KB

It appears that when it tries to get the jwt verifier from loginConfig it does not find anything and I think this might be because loginConfig is not present in the request, but I don’t know why and am currently stuck here.

In case it helps, this is the request object:

 const r = req as ValidatedJRPCRequest<Record<string, unknown>[]>;

1. clientId: "XXXXX"
2. loginConfig: {}
3. method: "openlogin_login"
4. origin: "http://localhost:5173"
5. params: [{…}]
6. pid: "XXXXX"
7. popupWindow: false
8. redirect: true
9. sessionId: "XXXXX"
10. user: ""
11. _sessionNamespace: undefined

Additionally, Typescript is yelling at me and telling me that loginConfig is not present in OpenloginAdapterOptions (maybe this helps somehow).

Related to Custom Authentication? Please provide the following info too: (Optional)
- Verifier Name: web3-auth-verifier-test
- JWKS Endpoint: “https://lemur-4.cloud-iam.com/auth/realms/web3auth-keycloak-test-deployment/protocol/openid-connect/certs”
- Sample idToken(JWT) : eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJJSE9oaXlFdnlVa1RKeGJ1ZzRReGFYLUltblhDd044Mnk1cUxtalRELURjIn0.eyJleHAiOjE2ODExMjA1NTIsImlhdCI6MTY4MTEyMDI1MiwiYXV0aF90aW1lIjoxNjgxMTIwMjUxLCJqdGkiOiJiYzY0NDY2ZC02NGVmLTQyM2MtYTY2Yi1kMGRmNTQ2NTgwMzAiLCJpc3MiOiJodHRwczovL2xlbXVyLTQuY2xvdWQtaWFtLmNvbS9hdXRoL3JlYWxtcy93ZWIzYXV0aC1rZXljbG9hay10ZXN0LWRlcGxveW1lbnQiLCJhdWQiOiJjbGllbnQxIiwic3ViIjoiMjQ4NGQzZGEtMjBhYS00NmE1LWE5NDctMjdiMDE5NGYyMzZlIiwidHlwIjoiSUQiLCJhenAiOiJjbGllbnQxIiwibm9uY2UiOiJkOWMzYmFmZS0wNTc3LTRlMWQtODAyYS1lNjQ3OGEzMzU2ZDgiLCJzZXNzaW9uX3N0YXRlIjoiMmI2YTUwNTItZjA5Yi00ZjQ0LTkwNTAtM2NiNWI5ODQxNWUyIiwiYXRfaGFzaCI6ImFycm9QbVJOSXZ4T0VPTllJVWU1bnciLCJhY3IiOiIxIiwic2lkIjoiMmI2YTUwNTItZjA5Yi00ZjQ0LTkwNTAtM2NiNWI5ODQxNWUyIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsIm5hbWUiOiJ3ZWIzYXV0aC1rZXljbG9hay10ZXN0LWRlcGxveW1lbnQgQWRtaW5pc3RyYXRvciIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiZ2l2ZW5fbmFtZSI6IndlYjNhdXRoLWtleWNsb2FrLXRlc3QtZGVwbG95bWVudCIsImZhbWlseV9uYW1lIjoiQWRtaW5pc3RyYXRvciIsImVtYWlsIjoiYWRtaW5AZW1haWwuY29tIn0.D5kwg7WoVp2eJGTsV2C-FZrTMlfYLuEzYVVN-DO9YEdhVuJGclpysxENNsF2xnnktAev1dOtYIuyeKR9eccE1YI9D5uAFzZFCxjcmEhFb7nFjfGTJi-5Y1N4_yFVL4BJVhmy1J5AHqZT-BKn2AGtVGM75gm4Z9NKbENMl4xkVlzF6GTtNY3YykQE9wMA8d7AYZlBW0aVGTAK5NllEXJlctNNmyg02R_rjqBPQ0roNmVklOt5gptpkowYOHE-wm_JshCT231gmB7iEBXqKqKilzoAtOKuHbouRdXOA7glYYJhs3InGeghiOaosl-8yF-9F1GIzsv_3n4m9h4_htOhEA

Please provide the Web3Auth initialization and login code snippet below:
initialization:

  async function init() {
    const auth = new Web3AuthNoModal(web3AuthConfig);

    const openloginAdapter = new OpenloginAdapter({
      adapterSettings: {
        uxMode: 'redirect',
      },
      loginSettings: {
        mfaLevel: 'none',
        redirectUrl: 'http://localhost:5173/auth/login',
      },

      loginConfig: {
        jwt: {
          verifier: 'web3-auth-verifier-test',
          typeOfLogin: 'jwt',
          clientId: 'client1',
          domain:
            'https://lemur-4.cloud-iam.com/auth/realms/web3auth-keycloak-test-deployment/protocol/openid-connect/auth',
        },
      },
    });

    const metamaskAdapter = new MetamaskAdapter({});

    auth.configureAdapter(metamaskAdapter);
    auth.configureAdapter(openloginAdapter);

    StaticWrapper.web3Auth = auth;

    await auth.init();

    if (auth.provider) {
      provider.value = auth.provider;
    }
  }

login:

    provider.value = await StaticWrapper.web3Auth.connectTo(
      WALLET_ADAPTERS.OPENLOGIN,
      {
        loginProvider: 'jwt',
        extraLoginOptions: {
          id_token: 'idToken', // in JWT Format
          verifierIdField: 'sub', // same as your JWT Verifier ID
          response_type: 'token', //! check if correct
          redirectUrl: 'http://localhost:5173/auth/login',
        },
      }
    );

shahbaz · April 10, 2023, 10:31am

Hey @denisa.halmaghi

Please remove the clientId and domain from here.

denisa.halmaghi:

loginConfig: {
        jwt: {
          verifier: 'web3-auth-verifier-test',
          typeOfLogin: 'jwt',
          clientId: 'client1',
          domain:
            'https://lemur-4.cloud-iam.com/auth/realms/web3auth-keycloak-test-deployment/protocol/openid-connect/auth',
        },
      },

And remove response_type and redirectUrl from here. Also, I assume the idToken passed here is the unused recently generated one.

denisa.halmaghi:

extraLoginOptions: {
          id_token: 'idToken', // in JWT Format
          verifierIdField: 'sub', // same as your JWT Verifier ID
          response_type: 'token', //! check if correct
          redirectUrl: 'http://localhost:5173/auth/login',
        },

Please try again after changing the suggested edits.

denisa.halmaghi · April 10, 2023, 11:09am

I made the changes, I get the same error:

loglevelSentry.esm.js:56 Error: unknown
    at s.translateError (loglevelSentry.esm.js:16:59)
    at l.error (loglevelSentry.esm.js:54:53)
    at openloginJrpc.esm.js:237:13
    at openloginJrpc.esm.js:463:9
    at new Promise (<anonymous>)
    at T._runReturnHandlers (openloginJrpc.esm.js:462:13)
    at async T._processRequest (openloginJrpc.esm.js:627:46)
    at async T._handle (openloginJrpc.esm.js:602:5) 'OpenLogin - RPC Error: Invalid loginProvider or custom loginProvider data not available' {code: -32602, message: 'Invalid loginProvider or custom loginProvider data not available', data: undefined}

denisa.halmaghi · April 10, 2023, 11:10am

Also, I thought it should also work if i do not provide the token? I was expecting the openlogin window to redirect me to the specified domain (like it happens with google, facebook etc.) and that the login flow should proceed from there

shahbaz · April 10, 2023, 12:05pm

Hey @denisa.halmaghi

Did you create this verifier? On which web3auth network?

Also, please refer to this code while initializing for a custom login provider.

github.com

Web3Auth/web3auth-pnp-examples/blob/main/web-no-modal-sdk/custom-authentication/single-verifier-examples/firebase-no-modal-example/src/App.tsx#L42-L66


      
          const init = async () => {
            try {
              const chainConfig = {
                chainNamespace: CHAIN_NAMESPACES.EIP155,
                chainId: "0x5", // Please use 0x1 for Mainnet
                rpcTarget: "https://rpc.ankr.com/eth_goerli",
                displayName: "Goerli Testnet",
                blockExplorer: "https://goerli.etherscan.io/",
                ticker: "ETH",
                tickerName: "Ethereum",
              };
              const web3auth = new Web3AuthNoModal({
                clientId,
                chainConfig,
                web3AuthNetwork: "cyan",
                useCoreKitKey: false,
              });
          
              const privateKeyProvider = new EthereumPrivateKeyProvider({ config: { chainConfig } });

This file has been truncated. show original

For custom login providers, id_token is needed. For other login providers like google, facebook, twitch, discord and auth0 you don’t need to, but in that case, one has to provide clientId and domains, respectively.

denisa.halmaghi · April 10, 2023, 12:42pm

Yes, i created the verifier and it is also active:

denisa.halmaghi · April 10, 2023, 3:03pm

I adapted the code according to the github example you provided and it worked. Thank you!