Help Needed: Aggregate Verifier Resulting in Different Ethereum Addresses

luca · August 28, 2024, 2:00pm

Hello Web3Auth community,

I’m encountering an issue with my aggregate verifier setup and I’m hoping someone can help me resolve it.

Current Setup

I’ve set up a verifier with Google and email passwordless authentication following the guide at: https://web3auth.io/docs/auth-provider-setup/aggregate-verifier

Technical Details:

SDK Version:
- “@web3auth/ethereum-provider”: “^8.6.2”
- “@web3auth/react-native-sdk”: “^6.0.0”
Platform: React Native
Verifier Name: aurea-aggregate-verifier

Initialization code (with sensitive data removed):

async initialize() {
    if (!this.web3auth) {
      this.web3auth = new Web3Auth(WebBrowser, EncryptedStorage, {
        clientId: "YOUR_CLIENT_ID",
        redirectUrl: "YOUR_REDIRECT_URL",
        network: OPENLOGIN_NETWORK.SAPPHIRE_DEVNET,
        loginConfig: {
          google: {
            verifier: 'aurea-aggregate-verifier',
            verifierSubIdentifier: 'google-sub-verifier',
            typeOfLogin: 'google',
            clientId: "YOUR_GOOGLE_CLIENT_ID",
          },
          emailpasswordless: {
            verifier: 'aurea-aggregate-verifier',
            verifierSubIdentifier: 'email-sub-verifier',
            typeOfLogin: 'jwt',
            clientId: "YOUR_JWT_CLIENT_ID",
            jwtParameters: {
              domain: "YOUR_DOMAIN",
              verifierIdField: 'email',
              isVerifierIdCaseSensitive: false,
            },
          },
        },
      });
      await this.web3auth.init();
    }
    return this.web3auth;
  }

Issue

Despite following the guide and setting up the aggregate verifier, I’m experiencing an unexpected behavior:

When I use the same email to authenticate via Google, I get one Ethereum address.
When I use the same email to authenticate via passwordless email, I get a different Ethereum address.

I expected to receive the same Ethereum address regardless of the authentication method used, given that I’m using the same email address and an aggregate verifier.

Questions

What could be causing this discrepancy?
Are there any specific configuration steps I might have missed?
Could there be an issue with my initialization code or the way I’ve set up the loginConfig?
Are there any known issues or limitations when using aggregate verifiers with React Native?

Any insights or guidance would be greatly appreciated. If you need any additional information or logs, please let me know and I’ll be happy to provide them. Thank you in advance for your help!

w3abot · August 28, 2024, 2:01pm

Hi Luca,

Thank you for reaching out to the Web3Auth community. I understand the challenges you’re facing with the varying Ethereum addresses when using different authentication methods via the aggregate verifier.

Here’s a breakdown of the information you provided to help the support team better assist you:

SDK Details:

“@web3auth/ethereum-provider”: “^8.6.2”
“@web3auth/react-native-sdk”: “^6.0.0”

Platform:

React Native

Verifier Name:

aurea-aggregate-verifier

Issue Summary:
Despite using the same email for both Google and passwordless email authentication, you are receiving different Ethereum addresses.

Initialization Code:

async initialize() {
    if (!this.web3auth) {
      this.web3auth = new Web3Auth(WebBrowser, EncryptedStorage, {
        clientId: "YOUR_CLIENT_ID",
        redirectUrl: "YOUR_REDIRECT_URL",
        network: OPENLOGIN_NETWORK.SAPPHIRE_DEVNET,
        loginConfig: {
          google: {
            verifier: 'aurea-aggregate-verifier',
            verifierSubIdentifier: 'google-sub-verifier',
            typeOfLogin: 'google',
            clientId: "YOUR_GOOGLE_CLIENT_ID",
          },
          emailpasswordless: {
            verifier: 'aurea-aggregate-verifier',
            verifierSubIdentifier: 'email-sub-verifier',
            typeOfLogin: 'jwt',
            clientId: "YOUR_JWT_CLIENT_ID",
            jwtParameters: {
              domain: "YOUR_DOMAIN",
              verifierIdField: 'email',
              isVerifierIdCaseSensitive: false,
            },
          },
        },
      });
      await this.web3auth.init();
    }
    return this.web3auth;
  }

Questions:

What could be causing the discrepancy in receiving different Ethereum addresses?
Are there any specific configuration steps that might have been missed?
Could there be issues with the initialization code or the setup of loginConfig?
Are there any known issues or limitations with aggregate verifiers in React Native?

Next Steps:

Verifier Configuration:
- Ensure the verifier configuration for both Google and email passwordless authentication are correctly aligned with the aggregate verifier setup.
Verification Fields:
- Double-check that the field used to identify the email (verifierIdField) is consistent and correctly set up across different authentication methods.
Aggregate Verifier Setup:
- It might be useful to review the aggregate verifier setup in the Web3Auth dashboard to ensure it is configured correctly.

Providing this information should help the support team diagnose the issue more effectively. They might request additional information or logs to pinpoint the issue further.

This response was generated by the Web3Auth Bot. A member of the Web3Auth team will review your query and provide detailed assistance soon.

Thank you for your patience!

Best regards,
Web3Auth Bot

luca · August 28, 2024, 2:08pm

Example JWT token:

google:

eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlRZT2dnXy01RU9FYmxhWS1WVlJZcVZhREFncHRuZktWNDUzNU1aUEMwdzAifQ.eyJpYXQiOjE3MjQ4NTM5NzMsImF1ZCI6IkJNLWFpOVdQdTBnQjdMYnFxU0MtVGFDZVh4YlQ2RUpOdHVpbldHTVBfSjVUOWttazU3OXJzcE5FaWVCck81X3ZnVkpySlAzbWxCXzlnQldFVzZScVQtYyIsIm5vbmNlIjoiMDM5ZDljYjIxM2E2Yzg2NTNkYTc3NTk0M2VhMmFlMjg5MTVhMDg4MDM1NzViYjE5OThmNGI0M2VmMTc5Yzg0MTU3IiwiaXNzIjoiaHR0cHM6Ly9hcGktYXV0aC53ZWIzYXV0aC5pbyIsIndhbGxldHMiOlt7InB1YmxpY19rZXkiOiIwM2QwYzFhODUyZmJkNTI5ZmY1MjEzZjg1YTJkMWM3NWIzZGQ5NTJiZTFkZTIyZGQ0ZGNkMDc5NmZhMjA0ZDJhOTUiLCJ0eXBlIjoid2ViM2F1dGhfYXBwX2tleSIsImN1cnZlIjoic2VjcDI1NmsxIn0seyJwdWJsaWNfa2V5IjoiMDJlODI3ZDY1OTA2NjM5ZWM0MmRkZDE3Y2YzYjhjYTk5MGIzMmM1YzUwZTY4YTExNGM5ZmU3YjdhNmRiMjE5ODVjIiwidHlwZSI6IndlYjNhdXRoX3RocmVzaG9sZF9rZXkiLCJjdXJ2ZSI6InNlY3AyNTZrMSJ9XSwiZW1haWwiOiJpbmZvQGx1Y2FkaWRvbWVuaWNvLmRldiIsIm5hbWUiOiJMdWNhIERpIERvbWVuaWNvIiwicHJvZmlsZUltYWdlIjoiaHR0cHM6Ly9saDMuZ29vZ2xldXNlcmNvbnRlbnQuY29tL2EvQUNnOG9jTG55czlMdDBEM2Y0ZnlTODI0bVU2N0ItR0ViOUFOVExYNDlHRlY5YXRSWm1QNUlRPXM5Ni1jIiwidmVyaWZpZXIiOiJnb29nbGUtc3ViLXZlcmlmaWVyIiwidmVyaWZpZXJJZCI6ImluZm9AbHVjYWRpZG9tZW5pY28uZGV2IiwiYWdncmVnYXRlVmVyaWZpZXIiOiJhdXJlYS1hZ2dyZWdhdGUtdmVyaWZpZXIiLCJleHAiOjE3MjQ5NDAzNzN9.U4N9tEe0xJ40JK775RiLU5LK_gOCJm1pGYaCZ1R8ytYPLtRAOxfdh6ZPxKwsHxsRs4Ikx6uUGPRWy-HmloJT2w

email_passwordless

eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlRZT2dnXy01RU9FYmxhWS1WVlJZcVZhREFncHRuZktWNDUzNU1aUEMwdzAifQ.eyJpYXQiOjE3MjQ4NTQwMzksImF1ZCI6IkJNLWFpOVdQdTBnQjdMYnFxU0MtVGFDZVh4YlQ2RUpOdHVpbldHTVBfSjVUOWttazU3OXJzcE5FaWVCck81X3ZnVkpySlAzbWxCXzlnQldFVzZScVQtYyIsIm5vbmNlIjoiMDM4ZjUzODdiODI3OWExNDczY2QxY2VmMzZkZTQ4OTgxMDc3YTZmMzk3M2EzM2FmZmI1MTk4ODQyZGJhYzJjZmIxIiwiaXNzIjoiaHR0cHM6Ly9hcGktYXV0aC53ZWIzYXV0aC5pbyIsIndhbGxldHMiOlt7InB1YmxpY19rZXkiOiIwM2IyZTJhNDUwZWQxYmFmY2VjOGQ5MTYwN2IzNzA3MDliYjFiMTcwNTE2YjM1MjBjYTA3ZDE5NmJkZDNjYjFiN2UiLCJ0eXBlIjoid2ViM2F1dGhfYXBwX2tleSIsImN1cnZlIjoic2VjcDI1NmsxIn0seyJwdWJsaWNfa2V5IjoiMDIyMDFjZjdjYjM0Y2IxZDZhZjQ0NTIzNDdmMTNmYmM4Y2M4YmE2ZmM1MGU3Y2EwYzUyYTY0YmIxOTA3NDVkNjYxIiwidHlwZSI6IndlYjNhdXRoX3RocmVzaG9sZF9rZXkiLCJjdXJ2ZSI6InNlY3AyNTZrMSJ9XSwiZW1haWwiOiJpbmZvQGx1Y2FkaWRvbWVuaWNvLmRldiIsIm5hbWUiOiJpbmZvQGx1Y2FkaWRvbWVuaWNvLmRldiIsInZlcmlmaWVyIjoid2ViM2F1dGgiLCJ2ZXJpZmllcklkIjoiaW5mb0BsdWNhZGlkb21lbmljby5kZXYiLCJhZ2dyZWdhdGVWZXJpZmllciI6IndlYjNhdXRoLWF1dGgwLWVtYWlsLXBhc3N3b3JkbGVzcy1zYXBwaGlyZS1kZXZuZXQiLCJleHAiOjE3MjQ5NDA0Mzl9.n1OJg9t3pvj4hPRVWp31deZQXmFkiSovRozncOejpg4q4S-ewd-j17zA78ZJqiQhjAXLFkR7aeDwyrYlOOKZBg

maharshi · August 31, 2024, 1:43pm

luca:

eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlRZT2dnXy01RU9FYmxhWS1WVlJZcVZhREFncHRuZktWNDUzNU1aUEMwdzAifQ.eyJpYXQiOjE3MjQ4NTQwMzksImF1ZCI6IkJNLWFpOVdQdTBnQjdMYnFxU0MtVGFDZVh4YlQ2RUpOdHVpbldHTVBfSjVUOWttazU3OXJzcE5FaWVCck81X3ZnVkpySlAzbWxCXzlnQldFVzZScVQtYyIsIm5vbmNlIjoiMDM4ZjUzODdiODI3OWExNDczY2QxY2VmMzZkZTQ4OTgxMDc3YTZmMzk3M2EzM2FmZmI1MTk4ODQyZGJhYzJjZmIxIiwiaXNzIjoiaHR0cHM6Ly9hcGktYXV0aC53ZWIzYXV0aC5pbyIsIndhbGxldHMiOlt7InB1YmxpY19rZXkiOiIwM2IyZTJhNDUwZWQxYmFmY2VjOGQ5MTYwN2IzNzA3MDliYjFiMTcwNTE2YjM1MjBjYTA3ZDE5NmJkZDNjYjFiN2UiLCJ0eXBlIjoid2ViM2F1dGhfYXBwX2tleSIsImN1cnZlIjoic2VjcDI1NmsxIn0seyJwdWJsaWNfa2V5IjoiMDIyMDFjZjdjYjM0Y2IxZDZhZjQ0NTIzNDdmMTNmYmM4Y2M4YmE2ZmM1MGU3Y2EwYzUyYTY0YmIxOTA3NDVkNjYxIiwidHlwZSI6IndlYjNhdXRoX3RocmVzaG9sZF9rZXkiLCJjdXJ2ZSI6InNlY3AyNTZrMSJ9XSwiZW1haWwiOiJpbmZvQGx1Y2FkaWRvbWVuaWNvLmRldiIsIm5hbWUiOiJpbmZvQGx1Y2FkaWRvbWVuaWNvLmRldiIsInZlcmlmaWVyIjoid2ViM2F1dGgiLCJ2ZXJpZmllcklkIjoiaW5mb0BsdWNhZGlkb21lbmljby5kZXYiLCJhZ2dyZWdhdGVWZXJpZmllciI6IndlYjNhdXRoLWF1dGgwLWVtYWlsLXBhc3N3b3JkbGVzcy1zYXBwaGlyZS1kZXZuZXQiLCJleHAiOjE3MjQ5NDA0Mzl9.n1OJg9t3pvj4hPRVWp31deZQXmFkiSovRozncOejpg4q4S-ewd-j17zA78ZJqiQhjAXLFkR7aeDwyrYlOOKZBg

I tried decoding both tokens, and they have different aggregateVerifier parameters. The Google one says "aggregateVerifier": "aurea-aggregate-verifier", while the email passwordless one says "aggregateVerifier": "web3auth-auth0-email-passwordless-sapphire-devnet".

Could you please share a screenshot of the aggregate verifier setup on your Web3Auth dashboard?

luca · September 10, 2024, 7:31am

Hi @maharshi, sorry for the delay in response but I was sick. Here is the setup:

maharshi · September 13, 2024, 3:30am

Hey @luca,

Could you please press the edit icon on the email passwordless verifier? I noticed you’ve created an Auth0 verifier. Have you correctly entered the client ID from the Auth0 dashboard, with the email passwordless connection turned on? For assurance, you can safely share the client ID here—Auth0 uses whitelisting strategies, so nobody can misuse the client ID unless the domain is whitelisted on your Auth0 dashboard.

If everything is set correctly on the Web3Auth dashboard, can you verify that your app is configured like this:

const web3auth = new Web3Auth(WebBrowser, EncryptedStorage, {
  clientId,
  network: OPENLOGIN_NETWORK.SAPPHIRE_MAINNET, // or other networks
  redirectUrl,
  useCoreKitKey: true,
  loginConfig: {
    google: {
      verifier: "aggregate-sapphire",
      verifierSubIdentifier: "w3a-google",
      typeOfLogin: "google",
      clientId: "519228911939-cri01h55lsjbsia1k7ll6qpalrus75ps.apps.googleusercontent.com",
    },
    auth0emailpasswordless: {
      verifier: "aggregate-sapphire",
      verifierSubIdentifier: "w3a-a0-email-passwordless",
      typeOfLogin: "jwt",
      clientId: "QiEf8qZ9IoasbZsbHvjKZku4LdnRC1Ct",
      jwtParameters: {
        domain: "https://web3auth.au.auth0.com",
        verifierIdField: "email",
        isVerifierIdCaseSensitive: false,
      },
    },
    auth0github: {
      verifier: "aggregate-sapphire",
      verifierSubIdentifier: "w3a-a0-github",
      typeOfLogin: "jwt",
      clientId: "hiLqaop0amgzCC0AXo4w0rrG9abuJTdu",
      jwtParameters: {
        domain: "https://web3auth.au.auth0.com",
        verifierIdField: "email",
        isVerifierIdCaseSensitive: false,
      },
    },
  },
});

Please make sure the fields for the aggregate verifiers are filled correctly.

luca · September 13, 2024, 2:13pm

hi @maharshi here is the code I’m using and the screenshot of the dashboard for the email verifier:

  async initialize() {
    if (!this.web3auth) {
      this.web3auth = new Web3Auth(WebBrowser, EncryptedStorage, {
        clientId,
        redirectUrl,
        network: OPENLOGIN_NETWORK.SAPPHIRE_DEVNET,
        loginConfig: {
          google: {
            verifier: 'aurea-aggregate-verifier',
            verifierSubIdentifier: 'google-sub-verifier',
            typeOfLogin: 'google',
            clientId:
              '<google-client-id>',
          },
          emailpasswordless: {
            verifier: 'aurea-aggregate-verifier',
            verifierSubIdentifier: 'email-sub-verifier',
            typeOfLogin: 'jwt',
            clientId: '9bRDzYY64sliL08XYDLU8PuSnMjlwcXC',
            jwtParameters: {
              domain: 'https://web3auth.au.auth0.com',
              verifierIdField: 'email',
              isVerifierIdCaseSensitive: false,
            },
          },
        },
      });
      await this.web3auth.init();
    }
    return this.web3auth;
  }

Screenshot:

Do you see any error? Because to me it seems all good. Email passwordless login is working, but the wallet address generated is different from what I get when I login in with the same email using the google login.

maharshi · September 14, 2024, 3:56am

Hey @luca, I noticed a potential issue in your code. When you open the Auth0 dashboard for the app with the client ID 9bRDzYY64sliL08XYDLU8PuSnMjlwcXC, you’ll likely find that the domain in your dashboard is different from https://web3auth.au.auth0.com. Please update your code accordingly and let me know if that resolves the issue.

luca · September 16, 2024, 1:26pm

Hey @maharshi, thanks for pointing this out! I’ve updated my code to use the domain in the Auth0 dashboard for email passwordless login. However, I see that the address generated still differs from the one I get when authenticating with Google. Is this because the users I’m using have been saved on the Web3Auth “backend” and the addresses are not generated again?

maharshi · September 16, 2024, 4:23pm

Hey @luca,

It doesn’t seem like an aggregation issue, but to help you resolve this faster, I’d recommend joining the Web3Auth office hours for a more detailed debugging session. You can join using this link. It’s a great way to get real-time support and troubleshoot your integration.

luca · September 18, 2024, 7:21am

thank you @maharshi, I’ll join for sure! Thanks