Error with OpenLogin: 404 invalid public key

I have been encountering the same error for hours and I can’t find a solution.
I use NextJs framework, when I initialize web3auth, I get a 404 error (invalid public key) from torus.
I have created several verifiers but nothing changes, even when I put verifier names that do not exist. I have changed several times from version 5.1 → 4.6. I have enabled popups and redirects but nothing works.

When I try to connect via the popup it remains white and nothing happens. I use webpack 5 but it seems that there is no fix with NestJs.

Thanks you

const web3auth = new Web3AuthNoModal({
    chainConfig: {
      chainNamespace: CHAIN_NAMESPACES.EIP155,
      chainId: '0x1', // EVM chain's Chain ID
      rpcTarget: '', // EVM chain's RPC endpoint
      // Avoid using public rpcTarget in production.
      // Use services like Infura, Quicknode, Alchemy, Ankr etc.
      displayName: 'Ethereum Mainnet', // EVM chain's Name
      blockExplorer: '', // EVM chain's Blockexplorer
      ticker: 'ETH', // EVM chain's Ticker
      tickerName: 'Ethereum', // EVM chain's Ticker Name

  const openloginAdapter = new OpenloginAdapter({
    adapterSettings: {
      network: 'testnet',
      uxMode: 'popup', // also support popup
      loginConfig: {
        jwt: {
          name: 'Bifrost Web3Auth',
          verifier: 'bifrost-web3auth-demo',
          typeOfLogin: 'jwt',

  await web3auth.init();

  await web3auth.connectTo(WALLET_ADAPTERS.OPENLOGIN, {
    loginProvider: 'jwt',
    extraLoginOptions: {
      id_token: access_token,
      verifierIdField: 'sub',

Hey @alexandrepe

You’re passing access_token in the extraLoginOptions. It should be an id_token (JWT) you generate/obtain from the login provider.

Also, the error you’re getting in the network call is different.

Hi @shahbaz !

access_token come from my custom JWT auth, I used jwonwebtoken nodejs package to sign it, here is an example token signed with my private key. When I check the jwt with my JWK, signature is verified.

const access_token = getAccessFromResponse(
    await<unknown>(ApiRoutes.login, data),

Also even if I comment this part of the code (connection), I get the 404 error.

It’s really problematic, I have to make a presentation in my company of this solution in 3 hours but if I can’t do it I will have to present MagicLink instead

Here, you’re referring to id_token as access_token. I got confused.

Can you share how you are generating the token? Also, please share your jwks endpoint here


Here is my JWKS endpoint:

To generate my token I use JwtModule from Nest which use jsonwebtolen.
Here is my AuthModule :

  imports: [
    PassportModule.register({ defaultStrategy: 'jwt' }),
      useFactory: () => ({
        privateKey: fs.readFileSync('./keys/private.pem'),
        publicKey: fs.readFileSync('./keys/public.pem'),
        signOptions: {
          expiresIn: 3600,
          audience: 'bifrost-web3auth',
          algorithm: 'RS256',
          keyid: 'web3auth',
  controllers: [AuthController],
  providers: [AuthService, JwtStrategy, { provide: APP_GUARD, useClass: CustomAuthGuard }],
export class AuthModule {}

The function who create JWT :

private createJwt(user: User, minutesToLive: number, type: TokenType): string {
    const token = this.jwtService.sign({ sub:, type }, { expiresIn: minutesToLive * 60 });

    this.logger.log(`token created, type ${type}, value ${token}`);

    return token;

Have you created this verifier on the web3auth dashboard?

Visit Bring your own custom JWT Providers | Documentation to learn how


In the documentation I found this example :

  "keys": [
      "kty": "RSA",
      "kid": "1bb9605c36e{your_kid}69386830202b2d",
      "use": "sig",
      "alg": "RS256",
      "n": "0x{your_n}",
      "e": "0x{your_e}"

Do I need to name my kid with 1bb9605c36e{your_kid}69386830202b2d ?
for example if in my token kid is test do I need to name kid 1bb9605c36etest69386830202b2d in the jwks ?

Also, in my JWK n and e don’t start with 0x, do I need to convert my current value ?

Here is my JWKS :

      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "web3auth",
      "n": "rbPDa0AEinT2w0WHTkpdD8hyZ7SE-ROnzCAacTU_S-PV0IYPgS5OE_e1c6ioAYnEpAdccNxVRGpjc27ypFDK8PKn9C_1stp8m5rmE8dzbKcITO1SB1rsDxYLn2UNZpVhK3awi-jj9kEmA9wHIllX407iqEpWvhd5PyextFCS3Txb_jEL5ngS82ZN2cDpOiSpDqAi4ocQMqZYykh-x6GUPwx7zZMRbCdVrjny8hA6n50YGHydOwqu19gGqlqEklqwacKCfnaq1eAOmzc_pyO2lqaqLsymuC9kvF_ax09FhskeKvM7sVsi78IAcnRUPawMxzHx6TPnt7t1uSy9YGWX0hluybWswaEDRiBCobmx6A6v2PcGMK7swb_hMDZlhVU8_1wDCnH0VbNUsff7DTdGlQd1Z8hUQuG8oygzkwPThuA-cWSQipFX3Eo-yALtLORVkOkU1OaL25uiWKtFM25jO5iXzcHnYhXjx5TPfoX7oCDP5G24iDuZ_SaFk3QYJlUu8BJx86XY0Kn0dltbnqmBqEYF88h-U8ET_BJihJ0rj7FZ_pOs-1GQRb0IkuEe0_WH0tVpDAEMhwPyAuaRXfudx0HPep16nEiXtChRyU7W87FtI5cDt_6fAAkaf4VKt1o1PMsHAIsrJPA_yasQcDsdKRRLSBERuq00IGwlWcxsJwU",
      "alg": "RS256"

Thanks for sharing!

By looking closely at JWKS, I see that your e field has 0xAQAB. Can you share a sample id_token here?

Also, how did you convert your public.pem file to JWKS?

Yes i tried with 0x, but it’s does’nt work too.
I used an online converter to do this. You can check my JWK on it’s working fine.

Here is a sample : eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IndlYjNhdXRoIn0.eyJzdWIiOiJmMzVmM2UzNS1lZWIwLTQ1N2UtYjUyMC00YzRhMGUzMzQ2N2IiLCJ0eXBlIjoicmVmcmVzaCIsImlhdCI6MTY4MjM3NTAwMywiZXhwIjoxNzEzOTExMDAzLCJhdWQiOiJiaWZyb3N0LXdlYjNhdXRoIn0.V1DJW_uJb4-2H5ltUQvWvANgNEWgiUPch9uYQalqq79cgL5TFcE_wDIkaIf9TxfujTlHKBzoF4pChBYhONUnVdQau5tGwRDg6SJjlhM3NiY7cRxY53EjY8K4TaqxcSvAR7pjhNMCpOTYyjeUQ3tem6i7MTivDWn5L9f3VbrU1zbSuUxCLZzpWN1XljlFPz3g6vsdVU38xwM4FKyBOhvH_6FeIs2RPdnHLI8H0ypEWCXVu_HhlH1Ow1LWKPYqU__9MdQaq4w9i-Ljivc3xC-K3DklYeoGbbI5lz6EU5XTT68DjV-xb_N7QxJp5vMu8cdRyTqVN0VhkQvtvE3SbTPVpVv-rYBnnbKF723GGVot67_th6TWOBS30oOaCCX2vBNfELUWkBJmB7rEzfn_Iu3_0_v4pw7Dw6WsFkX0g_TIES4falRZrkwDOZhBZasMipW3JTdLSk5tLNelKWoXbfESw0m3e6aVHaqDglo48tVbDwLV_3mzxrbGF-5tKYJ9muvuZUwLKh5Q97qAfNesGv0yrdJCPeNGAmpUSG09VBenkpqjd6ZQjLTt0hEwz6grfzwYUdsq-8l05LjyXj_K3bVVOc_JqbEqfjnFon8hUKWkAT82aKdFn7-MMb9JdG5BJxbfnrOyGL9g4t-eQgwnSi5xNOzlsxn4UcVe2GCD_rxvwo4

Looks like you updated jwks again, without 0x. It should be working by now.

What’s the error you are getting in the browser console?

At the beginning there were no 0x

Always the same error:

In the popup window :

Hey @alexandrepe

Can you share the full initialization and login code snippet here? Looks like it’s missing a param.

Please try adding clientId to jwt and try again. Also, can you expand Object after OpenLogin - RPC Error: Invalid params and share that too?

1 Like

It’s working ! Thx u :pray:

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.