Email_passwordless login error

michal · February 6, 2025, 7:22am

I’m trying to implement “Aggregate multiple providers”. The first provider is auth0 and the second is email passwordless. The error below is from trying to log in using email-passwordless.

SDK Version(package.json):

"@web3auth/auth-adapter": "^9.5.3"
"@web3auth/base": "^9.5.3"
"@web3auth/ethereum-provider": "^9.5.3"
"@web3auth/no-modal": "^9.5.3"

Platform:

Angular 19.1.1

Browser Console Screenshots:

{
  "errorMsg": "Error occurred while verifying params aud validation failed, token values [BLny0ty9cNjFXGq4UvIt_oR8G63zIEnKLNVfXQl_tvGAuFnqDjvWBFXcz3q1VQcVmdkRZSv61Hod778w5aAgeaU] dont include validation value ",
  "errorStack": "Error: Error occurred while verifying params aud validation failed, token values [BLny0ty9cNjFXGq4UvIt_oR8G63zIEnKLNVfXQl_tvGAuFnqDjvWBFXcz3q1VQcVmdkRZSv61Hod778w5aAgeaU] dont include validation value \n    at wt (https://auth.web3auth.io/v9/assets/index-DTyerrT2.js:2:2549)\n    at https://auth.web3auth.io/v9/assets/index-DTyerrT2.js:2:10940",
  "title": "Mount Error",
  "createdAt": "2/6/2025, 8:40:20 AM",
  "info": {
    "customAuthState": {
      "client": "BLny0ty9cNjFXGq4UvIt_oR8G63zIEnKLNVfXQl_tvGAuFnqDjvWBFXcz3q1VQcVmdkRZSv61Hod778w5aAgeaU",
      "currentLoginProvider": "email_passwordless",
      "popupWindow": "true",
      "whiteLabel": "{\"mode\":\"light\"}",
      "keyMode": "v1",
      "loginId": "d1848b7a31c6b9f4eb667589e3c1330dbf4b8720e471ede47839501c90a7bb29",
      "sessionNamespace": "",
      "socialFactorFlow": "",
      "version": "9",
      "instanceId": "6xkj8odfw5e",
      "verifier": "empass",
      "typeOfLogin": "email_passwordless",
      "redirectToOpener": false
    },
    "customAuthArgs": {
      "aggregateVerifierType": "single_id_verifier",
      "verifierIdentifier": "revelator-aggregate",
      "subVerifierDetailsArray": [
        {
          "typeOfLogin": "email_passwordless",
          "verifier": "empass",
          "clientId": "BLny0ty9cNjFXGq4UvIt_oR8G63zIEnKLNVfXQl_tvGAuFnqDjvWBFXcz3q1VQcVmdkRZSv61Hod778w5aAgeaU",
          "jwtParams": {
            "domain": "https://passwordless.web3auth.io/v6",
            "verifierIdField": "name",
            "isVerifierIdCaseSensitive": false,
            "flow_type": "code",
            "login_hint": "oleg@revelator.com"
          },
          "customState": {
            "client": "BLny0ty9cNjFXGq4UvIt_oR8G63zIEnKLNVfXQl_tvGAuFnqDjvWBFXcz3q1VQcVmdkRZSv61Hod778w5aAgeaU",
            "currentLoginProvider": "email_passwordless",
            "popupWindow": "true",
            "whiteLabel": "{\"mode\":\"light\"}",
            "keyMode": "v1",
            "loginId": "d1848b7a31c6b9f4eb667589e3c1330dbf4b8720e471ede47839501c90a7bb29",
            "sessionNamespace": "",
            "socialFactorFlow": "",
            "version": "9"
          },
          "hash": "state=eyJjbGllbnQiOiJCTG55MHR5OWNOakZYR3E0VXZJdF9vUjhHNjN6SUVuS0xOVmZYUWxfdHZHQXVGbnFEanZXQkZYY3ozcTFWUWNWbWRrUlpTdjYxSG9kNzc4dzVhQWdlYVUiLCJjdXJyZW50TG9naW5Qcm92aWRlciI6ImVtYWlsX3Bhc3N3b3JkbGVzcyIsInBvcHVwV2luZG93IjoidHJ1ZSIsIndoaXRlTGFiZWwiOiJ7XCJtb2RlXCI6XCJsaWdodFwifSIsImtleU1vZGUiOiJ2MSIsImxvZ2luSWQiOiJkMTg0OGI3YTMxYzZiOWY0ZWI2Njc1ODllM2MxMzMwZGJmNGI4NzIwZTQ3MWVkZTQ3ODM5NTAxYzkwYTdiYjI5Iiwic2Vzc2lvbk5hbWVzcGFjZSI6IiIsInNvY2lhbEZhY3RvckZsb3ciOiIiLCJ2ZXJzaW9uIjoiOSIsImluc3RhbmNlSWQiOiI2eGtqOG9kZnc1ZSIsInZlcmlmaWVyIjoiZW1wYXNzIiwidHlwZU9mTG9naW4iOiJlbWFpbF9wYXNzd29yZGxlc3MiLCJyZWRpcmVjdFRvT3BlbmVyIjpmYWxzZX0&id_token=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3RvcnVzLmF1LmF1dGgwLmNvbS8iLCJhdWQiOiJCTG55MHR5OWNOakZYR3E0VXZJdF9vUjhHNjN6SUVuS0xOVmZYUWxfdHZHQXVGbnFEanZXQkZYY3ozcTFWUWNWbWRrUlpTdjYxSG9kNzc4dzVhQWdlYVUiLCJuYW1lIjoib2xlZ0ByZXZlbGF0b3IuY29tIiwiZW1haWwiOiJvbGVnQHJldmVsYXRvci5jb20iLCJpYXQiOjE3Mzg4MjQwMTcsImVhdCI6MTczODgyNDMxNywiZXhwIjoxNzM4ODI0MzE3fQ.8TYrjRhyZM3ey8CbGkABCdtb4aYqS-9bwZGP1KuRo5JgeB44df6ujq6Drf9RrjdSKlQcNEcbLxPY2jDUDi40PA",
          "queryParameters": {}
        }
      ]
    },
    "customAuthError": "Error occurred while verifying params aud validation failed, token values [BLny0ty9cNjFXGq4UvIt_oR8G63zIEnKLNVfXQl_tvGAuFnqDjvWBFXcz3q1VQcVmdkRZSv61Hod778w5aAgeaU] dont include validation value ",
    "customAuthHashParams": {
      "state": "eyJjbGllbnQiOiJCTG55MHR5OWNOakZYR3E0VXZJdF9vUjhHNjN6SUVuS0xOVmZYUWxfdHZHQXVGbnFEanZXQkZYY3ozcTFWUWNWbWRrUlpTdjYxSG9kNzc4dzVhQWdlYVUiLCJjdXJyZW50TG9naW5Qcm92aWRlciI6ImVtYWlsX3Bhc3N3b3JkbGVzcyIsInBvcHVwV2luZG93IjoidHJ1ZSIsIndoaXRlTGFiZWwiOiJ7XCJtb2RlXCI6XCJsaWdodFwifSIsImtleU1vZGUiOiJ2MSIsImxvZ2luSWQiOiJkMTg0OGI3YTMxYzZiOWY0ZWI2Njc1ODllM2MxMzMwZGJmNGI4NzIwZTQ3MWVkZTQ3ODM5NTAxYzkwYTdiYjI5Iiwic2Vzc2lvbk5hbWVzcGFjZSI6IiIsInNvY2lhbEZhY3RvckZsb3ciOiIiLCJ2ZXJzaW9uIjoiOSIsImluc3RhbmNlSWQiOiI2eGtqOG9kZnc1ZSIsInZlcmlmaWVyIjoiZW1wYXNzIiwidHlwZU9mTG9naW4iOiJlbWFpbF9wYXNzd29yZGxlc3MiLCJyZWRpcmVjdFRvT3BlbmVyIjpmYWxzZX0",
      "id_token": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3RvcnVzLmF1LmF1dGgwLmNvbS8iLCJhdWQiOiJCTG55MHR5OWNOakZYR3E0VXZJdF9vUjhHNjN6SUVuS0xOVmZYUWxfdHZHQXVGbnFEanZXQkZYY3ozcTFWUWNWbWRrUlpTdjYxSG9kNzc4dzVhQWdlYVUiLCJuYW1lIjoib2xlZ0ByZXZlbGF0b3IuY29tIiwiZW1haWwiOiJvbGVnQHJldmVsYXRvci5jb20iLCJpYXQiOjE3Mzg4MjQwMTcsImVhdCI6MTczODgyNDMxNywiZXhwIjoxNzM4ODI0MzE3fQ.8TYrjRhyZM3ey8CbGkABCdtb4aYqS-9bwZGP1KuRo5JgeB44df6ujq6Drf9RrjdSKlQcNEcbLxPY2jDUDi40PA"
    }
  }
}

Also, kindly provide the Web3Auth initialization and login code snippet below. This will help us better understand your issue and provide you with the necessary assistance.

import { ChangeDetectionStrategy, Component, OnInit } from '@angular/core';
import { UntilDestroy } from '@ngneat/until-destroy';
import { AuthAdapter } from '@web3auth/auth-adapter';
import {
  CHAIN_NAMESPACES,
  WALLET_ADAPTERS,
  WEB3AUTH_NETWORK
} from '@web3auth/base';
import { EthereumPrivateKeyProvider } from '@web3auth/ethereum-provider';
import { Web3AuthNoModal } from '@web3auth/no-modal';
import { from } from 'rxjs';

@UntilDestroy()
@Component({
  selector: 'finance-vault',
  templateUrl: './vault.component.html',
  styleUrls: ['./vault.component.scss'],
  changeDetection: ChangeDetectionStrategy.OnPush,
  standalone: false
})
export class VaultComponent implements OnInit {
  private web3AuthClientId =
    'BLny0ty9cNjFXGq4UvIt_oR8G63zIEnKLNVfXQl_tvGAuFnqDjvWBFXcz3q1VQcVmdkRZSv61Hod778w5aAgeaU';

  private chainConfig = {
    chainNamespace: CHAIN_NAMESPACES.EIP155,
    chainId: '0xaa36a7',
    rpcTarget: 'https://rpc.ankr.com/eth_sepolia',
    displayName: 'Ethereum Sepolia Testnet',
    blockExplorerUrl: 'https://sepolia.etherscan.io',
    ticker: 'ETH',
    tickerName: 'Ethereum',
    logo: 'https://cryptologos.cc/logos/ethereum-eth-logo.png'
  };

  private privateKeyProvider = new EthereumPrivateKeyProvider({
    config: { chainConfig: this.chainConfig }
  });

  private web3auth = new Web3AuthNoModal({
    clientId: this.web3AuthClientId,
    web3AuthNetwork: WEB3AUTH_NETWORK.SAPPHIRE_MAINNET,
    privateKeyProvider: this.privateKeyProvider
  });

  private provider: any;

  ngOnInit(): void {
    const authAdapter = new AuthAdapter({
      adapterSettings: {
        uxMode: 'popup',
        loginConfig: {
          email_passwordless: {
            verifier: 'revelator-aggregate',
            verifierSubIdentifier: 'empass',
            typeOfLogin: 'email_passwordless',
            clientId: this.web3AuthClientId
          }
        }
      }
    });

    this.web3auth.configureAdapter(authAdapter);

    from(this.web3auth.init()).subscribe(
      () => {
        console.log('Web3AuthNoModal Init');
        console.log('Connected', this.web3auth.connected);
      }
    );
  }

  /********************************************************************************
   * ACTIONS
   *******************************************************************************/

  onConnect(email: string): void {
    this.web3auth
      .connectTo(WALLET_ADAPTERS.AUTH, {
        loginProvider: 'email_passwordless',
        extraLoginOptions: {
          login_hint: email
        }
      })
      .then((provider) => {
        this.provider = provider;
      });
  }
}

w3abot · February 6, 2025, 7:23am

Hello Michal,

Thank you for sharing all the details. It seems you are facing an issue with the “email_passwordless” login while trying to implement “Aggregate multiple providers.” Let’s summarize the key points of your setup:

SDK Details: PnP Web SDK with packages @web3auth/auth-adapter, @web3auth/base, @web3auth/ethereum-provider, and @web3auth/no-modal at version 9.5.3.
Platform: Angular 19.1.1
Issue: Email passwordless login error, specifically with audience (aud) validation failure in the token.
Error Message: The token’s audience doesn’t match the validation value expected, leading to a verification error.
Initialization and Login Code Snippet: You’ve provided the setup with the Web3AuthNoModal component and configuration details.

From your code snippet and the error provided, it looks like the error might be tied to the mismatch or incorrect configuration regarding the clientId and expected aud value in your JWT token.

Next Steps:

Double-check the clientId being used in your configuration (BLny0ty9cNjFXGq4UvIt_oR8G63zIEnKLNVfXQl_tvGAuFnqDjvWBFXcz3q1VQcVmdkRZSv61Hod778w5aAgeaU) making sure it’s properly set in your auth provider console.
Ensure that the aud claim in your JWT token matches the clientId you’ve configured in your project.

If those are correctly set, and you’re still experiencing issues, please confirm the domain and configuration within the aggregated verifier authentication settings in your Web3Auth context or reach out for further assistance.

I hope this helps! Let us know if you have any more questions or if there’s anything else you’d like to discuss.

Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.

shahbaz · February 6, 2025, 8:20am

Hey @michal

By looking at your verifier, I discovered that the aud value is missing. Can you share the screenshot of your dashboard where this sub-verifier is configured?

michal · February 6, 2025, 12:46pm

@shahbaz thank you for your answer
for email passwordless:

for auth0:

shahbaz · February 7, 2025, 3:35am

Thanks for sharing @michal

We found a bug in updating logic, looks like you have updated this verifier to include this email_passwordless verifier.

We are updating on our end, the same code will work once updated.

But to unblock you on testing, you can create a new aggregate verifier with exact same configuration with a different name, and it will work, unblocking you to do other business logic.

Once updated from our end, I will update this thread to notify you.