Having the wallet address a part of the idtoken

I'm not sure if that's possible but it would be very useful to have the wallet address be a part of the id token and JWT.

Our use case is a complex onboarding process and it'll be helpful to use the verified JWT for authentication, and base it on wallet address rather than an email.

Originally posted by: shayg-grappa

Check the discussion at: https://github.com/orgs/Web3Auth/discussions/1306

Hey there,

We currently provide the public key which can be used to derive an addresses for the chain which you're on

https://betterprogramming.pub/understanding-ethereum-cryptography-3ef7429eddce this might be helpful here

Originally posted by: YZhenY

10x for your help, we did manage to extract the address from the public key

Originally posted by: shayg-grappa

you could decode the idToken and get the wallet-> public_key

Originally posted by: ieow

This would be great to document in the server side verification, took a while to find. I guess changing the curve will let obtain other chains' public addresses (such as Solana) in this case.

Originally posted by: grabbou

Please note that the public key is compressed. It took me few hours to study the keccak and eliptical curvers and how it is even possible to do the compression. Afterwards I noticed that the resulting address had different case than the one I generated, so I have had to learn about the “checksum” address.

So it was a great learning episode about the Ethereum essentials in the end… but for those who just need a solution, here is the code I ended up with:

import eth_utils
from coincurve import PublicKey

def derive_wallet(public_key: str) -> str:
    """Derives Ethereum wallet address from either compressed or uncompressed public key."""
    # Ethereum wallet address is represented by the last 20 bytes from the
    # keccak256 hex digest of the uncompressed public key.
    # Public keys are prepended with a single byte to indicate if they are
    # compressed or uncompressed. This means we first need to get the
    # uncompressed 65 byte key (compressed=False) and then strip the first byte
    # ([1:]) to get our 64 byte Ethereum public key.
    # https://www.arthurkoziel.com/generating-ethereum-addresses-in-python/
    uncompressed_key = PublicKey(bytes.fromhex(public_key)).format(compressed=False)[1:]
    keccak_digest = eth_utils.keccak(uncompressed_key)
    return eth_utils.to_checksum_address(f"0x{keccak_digest[-20:].hex()}")

I got an in correct address.

by public key you mean -
iss: ‘https://api.openlogin.com’,

  wallets: [
      public_key: '02e44fbf4fc567cccdac53dc73ac7660312c1dd3a9205017089ea56276a643d7d4',
      type: 'web3auth_app_key',
      curve: 'secp256k1'