Failed to verify jwt token

I am having the same issue of Failed to Log In.

JWKSNoMatchingKey: no applicable key found in the JSON Web Key Set

I am using the example in web3auth-core-kit-examples/single-factor-auth-web/sfa-web-aggregate-verifier-example at main · Web3Auth/web3auth-core-kit-examples · GitHub to generate the JWT token. I adapted the example to use the client IDs of my web3account and google credentials.

After getting the token ID using await web3authSfa.authenticateUser(), I validate the token using the following code:

```javascript
import * as jose from 'jose';

// Get the JWK set used to sign the JWT issued by Web3Auth
const jwks = jose.createRemoteJWKSet(
  new URL('https://api-auth.web3auth.io/jwks')
); // for social logins
// const jwks = jose.createRemoteJWKSet(
//   new URL('https://api.openlogin.com/jwks')
// );

// Verify the JWT using Web3Auth's JWKS; only ES256 signatures are accepted
const jwtDecoded = await jose.jwtVerify(idToken, jwks, {
  algorithms: ['ES256'],
});
```

I guess the problem happens because I am generating the token from a test environment. If this is the issue I can’t find the correct JWKS endpoint.

Hi @martinhoferreira10,

I hope you’re doing well. Please take a look at our documentation: Link to Documentation.

If you find that this documentation doesn’t provide the assistance you need, feel free to return here, and we’ll do our best to help you further.

Hi @TomTom ,

That’s exactly the guide I followed. I don’t have a clue what may be wrong.

Btw, I tried again with the example code referred to above with no alterations and the issue persists.

But did you try with https://authjs.web3auth.io/jwks ?

That works! Thanks mate.

Documentation is a bit misleading though. I picked the JWT token from a session that was initialised with Google, so I assumed I needed to use the Social Login Verification endpoint.

@TomTom however, this decoded token doesn’t contain user information. I’d like to associate the wallet address with the email of the authenticated user.

Hey @martinhoferreira10,

Did you mention that you’re obtaining the idToken from Google? If so, are you using Firebase or direct Google login?

To ensure proper configuration, you’ll need to use JWKS (JSON Web Key Sets). You can find detailed instructions on how to create and set up JWKS here. We’ve provided the JWKS locations for Auth0, Firebase, Google, and AWS Cognito.

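Added example, not part of the thread and not Web3Auth or jose code: a way to diagnose JWKSNoMatchingKey by reading the token's unverified header and checking which candidate JWKS document holds a key for its kid and alg. The function names, the simplified key-selection rule and the sample kids are assumptions; in practice you would fetch each JWKS URL and pass in the parsed JSON.

```javascript
// Diagnostic only: the header is read WITHOUT verification, so nothing in it is
// trusted. Real verification still goes through jose.jwtVerify as in the post.
function b64urlJson(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function readUnverifiedHeader(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (expected 3 segments)');
  return b64urlJson(parts[0]);
}

// Simplified key selection (assumption): kid must match when the token carries
// one, and the JWK's alg/use/kty/crv must be compatible with the token's alg.
function keyApplies(jwk, header) {
  if (header.kid !== undefined && jwk.kid !== header.kid) return false;
  if (jwk.alg !== undefined && jwk.alg !== header.alg) return false;
  if (jwk.use !== undefined && jwk.use !== 'sig') return false;
  if (header.alg === 'ES256') return jwk.kty === 'EC' && jwk.crv === 'P-256';
  return /^(RS|PS)\d+$/.test(header.alg) && jwk.kty === 'RSA';
}

// candidates: { jwksUrl: parsedJwksDocument }. Returns which documents hold a usable key.
function findMatchingJwks(token, candidates, allowedAlgs = ['ES256']) {
  const header = readUnverifiedHeader(token);
  if (!allowedAlgs.includes(header.alg)) {
    return { header, matches: [], reason: 'alg not in allow-list' };
  }
  const matches = Object.entries(candidates)
    .filter(([, jwks]) => (jwks.keys || []).some((k) => keyApplies(k, header)))
    .map(([url]) => url);
  return { header, matches, reason: matches.length ? 'ok' : 'no key for this kid/alg' };
}

// Constructed sample data: the kids are made up and key material is omitted.
function makeSampleToken(header) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc(header)}.${enc({ sub: 'constructed' })}.c2ln`;
}
const SAMPLE_JWKS = {
  'https://api-auth.web3auth.io/jwks': { keys: [{ kty: 'EC', crv: 'P-256', kid: 'constructed-kid-A' }] },
  'https://authjs.web3auth.io/jwks': { keys: [{ kty: 'EC', crv: 'P-256', kid: 'constructed-kid-B' }] },
};
const sampleToken = makeSampleToken({ alg: 'ES256', typ: 'JWT', kid: 'constructed-kid-B' });
console.log(findMatchingJwks(sampleToken, SAMPLE_JWKS));
```

An empty `matches` list means the token was signed by a key that none of the candidate endpoints publish, which is the condition jose reports as JWKSNoMatchingKey.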