JWS SIGNATURE VERIFICATION error for server side verification on Phantom wallet

zhew1991 · November 23, 2024, 6:31am

After connecting with Phantom (Solana), the client side pass up the auth token to server, and then getSolanaAddressFromWalletToken gets called.

However jose.jwtVerify in my code errors out. It says ERR_JWS_SIGNATURE_VERIFICATION_FAILED

async function getSolanaAddressFromWalletToken(idToken: string): Promise<string | null> {
  const jwks = jose.createRemoteJWKSet(new URL("https://authjs.web3auth.io/jwks"))

  let solanaAddress
  try {
    const jwtDecoded = await jose.jwtVerify(idToken, jwks, { algorithms: ["ES256"] })
    solanaAddress = (jwtDecoded.payload as any).wallets.find((x: { type: string }) => x.type === "solana").address
  } catch (e) {
    logger.error("failed to decode from wallet auth token", {idToken, e})
    console.log(e)
  }

  return solanaAddress
}

w3abot · November 23, 2024, 6:34am

Thank you for reaching out! It looks like you’re encountering a JWS signature verification error while trying to verify the idToken received from the Phantom wallet. Here’s a summary of the details you provided, which will help the support team assist you better:

Issue Details:

SDK Details: Help - Plug n Play
Error: JWS SIGNATURE VERIFICATION failed in jose.jwtVerify.
Platform: Phantom wallet (Solana)
idToken: [Provided JWT token]

Code Snippet:

async function getSolanaAddressFromWalletToken(idToken: string): Promise<string | null> {
  const jwks = jose.createRemoteJWKSet(new URL("https://authjs.web3auth.io/jwks"))

  let solanaAddress
  try {
    const jwtDecoded = await jose.jwtVerify(idToken, jwks, { algorithms: ["ES256"] })
    solanaAddress = (jwtDecoded.payload as any).wallets.find((x: { type: string }) => x.type === "solana").address
  } catch (e) {
    logger.error("failed to decode from wallet auth token", {idToken, e})
    console.log(e)
  }

  return solanaAddress
}

Proposed Solution:

Ensure that the idToken being passed is indeed valid and correctly structured. You can use jwt.io to inspect the token.
Verify that the JWKS endpoint is correctly configured and accessible. Check if there may be network issues affecting the request to the JWKS URL.
Confirm that the contents of the idToken’s header match the expected algorithm (ES256 in your code).

If you have any screenshots from your browser console related to this error or additional information, feel free to share. This can help in diagnosing the issue further. The support team will look into this and assist you as soon as possible!

Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.

system · November 25, 2024, 6:35am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.