We have several users who say their wallet addresses have been changed for facebook login to Torus Wallet.
When I checked closely, it seems like user ID on facebook are updated.
In my understanding, the user ID on facebook should be Facebook App specific, and even it’s expired, when the user re-authenticate, the user ID should remain the same as before.
Is it possible that Torus Wallet has updated their facebook app recently, so that the user’s wallet address changed?
Here are some screenshot from Facebook apps&website setting in a single facebook account
The user ID should be the same to maintain the wallet address?
:
These users cannot access to their wallets. And they did not backup their secret key unfortunately.
They confirmed they do not have multiple facebook accounts.
Thank you for sharing the details and screenshots—this really helps clarify the situation.
Summary for Support Team:
SDK: Plug n Play
Platform: Facebook Login via Torus Wallet (Web3Auth)
Issue: Users report wallet addresses have changed after Facebook login. Investigation shows Facebook user IDs appear to have changed, possibly due to a change in the Facebook App used for authentication.
Screenshots: Provided, showing two different removal dates for Web3Auth in Facebook settings for the same user account.
User Impact: Users cannot access their previous wallets and did not back up their secret keys. They confirmed they do not have multiple Facebook accounts.
Key Details & Analysis
Wallet Address Derivation: Web3Auth (and Torus) derive wallet addresses using a combination of the user’s unique identifier (like Facebook user ID) and the Facebook App ID.
Facebook App Change: If the underlying Facebook App used for authentication changes, the user ID provided by Facebook will also change (since it’s app-specific). This results in a different wallet address being generated for the same Facebook account.
Screenshots Evidence: The two removal dates and potentially different app names in the Facebook settings suggest that the Facebook App used for Web3Auth login might have changed recently.
Next Steps & Recommendations
Confirm Facebook App IDs Used:
Can you confirm if there was a recent change or update to the Facebook App ID used in your Web3Auth configuration? This is the most likely cause for the wallet address change.
If you have access to your previous and current Web3Auth/Facebook App configurations, please check the App IDs.
User Recovery Options:
Unfortunately, if the Facebook App ID has changed and users did not back up their secret keys, there is no way to recover access to the original wallet addresses. The addresses are mathematically tied to the original Facebook App ID + user ID combination.
You may want to communicate this to affected users and encourage key backups for future use.
Documentation Reference:
Please see the Web3Auth Social Login FAQ for more details on why wallet addresses can change with social logins.
For the Support Team:
Please check if there have been any recent changes to the Facebook App integration or if multiple Facebook App IDs are active.
If further investigation is needed, reviewing the app IDs in the user’s Facebook settings (from the screenshots) may help.
If you have any more details about recent changes to your Facebook App configuration or your Web3Auth setup, please share them here. This will help us confirm the root cause and provide more tailored guidance.
Let me know if you have any other questions or need help with next steps!
Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.
Additionally, we would recommend you to join our biweekly Office Hours to get this resolved even faster. Web3Auth Developer Office Hours
I understand it’s not actively maintained and less people use Facebook loginfor Torus/Web3Auth, however, if the above issue is really happening, it is a serious problem.
I tried to look deeply into this issue. Here are my findings:
Web3Auth hasn’t changed any app id/ connection of the facebook side. It is the same from the time we started.
The reason you might be seeing 2 of them is because one belongs to Torus Wallet, and one might belong to Web3Auth’s demo apps/ other applications using Web3Auth, which use a separate app id than Torus Wallet
The key remains the same, even after you remove it and relogin afterwards. I checked it manually by deleting my facebook connection and relogging in later.
What seems possible in my opinion is that the user might have logged in using a different account/ or login connection (like google, email passwordless etc.) and expecting the same address to be there within the Torus Wallet. Every single individual connection and account will give you a different key from our side. It is not grouped/ aggregated from our end.
Let me know if you get to know more details about the issue.
