How is metadata secured?

Dear Web3Auth support team,

I learned from the docs that shareB (JWT) + metadata would be retrieved after the Nodes’ permission:

“reconstructing keys for existing users requires >½ of the nodes to be operating honestly”

  1. This is the flow for a user logging in with shareB, meaning users need a JWT to get their shareB and metadata. Is that right?

  2. So how about when a user reconstructs the priKey with shareA + C: how is the metadata retrieved then? Would it need the Nodes’ permission to do so? How does it happen?

  3. How about reconstructing the priKey with shareA + C when there’s no deviceShare? When I get the metadata, it looks like my shares A + C are in this metadata too. If Q2 is false, then without Node permission, whoever gets my metadata can get my priKey?

  4. Because metadata seems to be stored in a centralized database, could the Nodes prevent the metadata from being attacked?

Here are my tKey details without deviceShare; it has Passphrase + securityQuestions
Tkey details
{
  "pubKey": {
    "x": "947182f969e83bf1446162decc10cf56b6bea29ed91f69bca6c9e5a392e0960e",
    "y": "e50932eff425901f5a38ba2fff6cc65ce4f22ea959c3075702a17108067bab5b"
  },
  "requiredShares": -1,
  "threshold": 2,
  "totalShares": 3,
  "shareDescriptions": {
    "f634ee495e034b5e85d5a7a98725b6e698165f726b72c52f571499ae8fdb626c": [
      "{\"module\":\"Passphrase Module\"}"
    ],
    "a4b477d5b6465d68b2865eedb8a1dc5eaef3ccd699ce74cd47345e1338b8015": [
      "{\"module\":\"securityQuestions\",\"questions\":\"whats your PIN?\",\"dateAdded\":1684384414019}"
    ]
  }
}

Thank you in advance.

Please provide the following details too when asking for help in this category:

  • SDK Version: ^7.0.0
  • Verifier Details:
    • Verifier Name: custom-jwt-verifier
    • JWKS Endpoint: http://localhost:5000/jwt
    • Sample idToken(JWT): “eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjQ2YjZlZTUwLWUyNWItMTFlZC1iNWVhLTAyNDJhYzEyMDAwMiJ9.eyJzdWIiOiIxZDdkZDExMC1mNTM1LTExZWQtOGRjMC00N2Q3MjE4MTQwMTciLCJuYW1lIjoiVmluaCBUcmFuIiwiZW1haWwiOiJ2aW5odHJhbkBnbWFpbC5jb20iLCJhdWQiOiJ1cm46bXktcmVzb3VyY2Utc2VydmVyIiwiaXNzIjoiaHR0cHM6Ly9teS1hdXRoei1zZXJ2ZXIiLCJpYXQiOjE2ODQzODQ2MTMsImV4cCI6MTY4NDM4ODIxM30.xT4F4X5SH7q9AGV3k4s72pqRE6zILNo-rWghsgcA-U3B8jqtoLqzQFbRuTL5_wqxP9GA7jRhbOGcG7xySQlVQ8GJShZgJDHlZ8QiSK7Ur93hsRnQ1nXEX92AviS4K3VgEVmIS9AikLUYxy9EJjRpAoixXIgkZvRVqtJX-KW4ixB-ZqgmU44B1cEja8JTzfHa5RRvia7XVuwjxTpdUFdQLOTzAmvhEavDDs_EKcXmY-vIfRbV2r9zSsODRGFWNscK8uT75sgK5vaDODSclm62idtxt4u54ovsmfGLHp3TCM5Hx_pcuiyu2sgPEe29s4JBsxC0dRcdyisojdmMAx0dlA”

@nhitran Thanks for your patience.

Your request has been submitted to our team. We will get back with further updates once more information becomes available.