How to get idToken with both ed25519 and secp256k1 curve for server verification

Help - Core-Kit Single Factor Auth Web SDK
1

When asking for help in this category, please make sure to provide the following details:

  • SDK Version: “@web3auth/single-factor-auth”: “^9.5.0”
  • Platform: Web

I’m using Single Factor Auth (SFA) for my website. Previously, my website only supported the Ethereum network, so I used the Ethereum private key provider. For server-side verification, I used web3auth.authenticateUser() to obtain the idToken, and retrieved the eth_private_key to derive the appPubKey:

  const app_scoped_privkey = (await web3auth.provider?.request({
    method: "eth_private_key",
  })) as string;

  const app_pub_key = getPublicCompressed(
    Buffer.from(app_scoped_privkey.padStart(64, "0"), "hex")
  ).toString("hex");

   const { idToken } = await web3auth.authenticateUser();

However, I now want to support the Solana network on my website. The issue is that I cannot obtain the idToken when using the ed25519 curve. Here’s what I see when decoding the idToken:

wallets: [
    {
      public_key: '',
      type: 'web3auth_threshold_key',
      curve: 'secp256k1'
    }
  ],

As you can see, the ed25519 curve is missing.

In my mobile app, which uses the React Native SDK, I am able to achieve this using:

My mobile app uses react-native-sdk, and I can achieve it by using

    await web3auth.login({
      mfaLevel: "none",
      loginProvider: "jwt",
    
      curve:'other'
    });

How can I achieve the same behavior using the SFA Web SDK?

2

Thank you for your detailed question! Here’s a summary of your issue for the support team:

Issue Summary

  • SDK: Single Factor Auth Web SDK (@web3auth/single-factor-auth)
  • SDK Version: ^9.5.0
  • Platform: Web

Problem:
You want to obtain an idToken (JWT) from the SFA Web SDK that includes both the secp256k1 (Ethereum) and ed25519 (Solana) public keys for server-side verification.

  • With the current implementation, the JWT only contains the secp256k1 curve info.
  • On mobile (React Native SDK), you can set the curve parameter (e.g., curve: 'other') to obtain the ed25519 key in the JWT.
  • You are unable to find a similar way to do this on the Web SDK.

What you’ve tried:

  • Used web3auth.authenticateUser() to get the idToken.
  • Retrieved the Ethereum private key and derived the public key.
  • Decoded the JWT and see only the secp256k1 curve in the wallets array.

What you need:

  • A way to get the idToken (JWT) from the SFA Web SDK that includes the ed25519 curve (Solana public key), similar to how it works in the React Native SDK.

Next Steps & Suggestions

Based on the Web3Auth SFA Web SDK documentation, currently, the authenticateUser() method and the JWT it returns are designed to include the secp256k1 public key by default. The ability to specify the curve for the JWT (as you do in React Native) is not documented for the Web SDK.

  • Workaround: You can retrieve the ed25519 private key using getEd25519PrivKey() for signing on Solana, but this does not embed the ed25519 public key in the JWT.
  • Feature Parity: The curve parameter for JWT generation appears to be available in mobile SDKs but not in the Web SFA SDK.

Questions for the Support Team:

  • Is there a supported way (or workaround) to include the ed25519 public key in the JWT/idToken using the SFA Web SDK?
  • Is support for the curve parameter in JWT planned for the Web SDK, similar to mobile?
  • If not available, is there a recommended approach for server-side verification for Solana users authenticated via SFA Web SDK?

References for Support Team:

If you have any additional code snippets or JWT samples you’d like to share, please attach them.
Otherwise, we’ll wait for the support team’s guidance on this feature parity and possible workarounds!

Let me know if you have any other details to add or if you need references to similar community discussions.

Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.

Additionally, we would recommend you to join our biweekly Office Hours to get this resolved even faster. Web3Auth Developer Office Hours