Preventing Private Key Transmission via JWT in Web3Auth when doing WebGL builds

philh · November 8, 2023, 2:24am

Dear Web3Auth Support Team,

I hope this message finds you well. I am a developer using the latest version of Web3Auth for Unity 2022.3.x.

I have encountered an issue where, after successful authentication with Web3Auth, the private key of the user is being transmitted via the JWT token in the URL. This is a concern for me, as I would prefer to receive only the token ID, public key, and other necessary information.

I would like to request assistance in finding a solution to prevent the transmission of the private key via the JWT token in the URL. It is crucial for the security of our application that private keys are not exposed in this manner.

I greatly appreciate your attention to this matter and look forward to any guidance or recommendations you can provide.

Thank you for your assistance.

vjgee · November 8, 2023, 6:38am

@philh Welcome Aboard!

Your request is under review and we will get back.

vjgee · November 8, 2023, 7:09am

Could you please share an example of the private key in the URL ?

gaurav · November 8, 2023, 8:07am

@philh use web3Auth.getUserInfo() method to get Userinfo schema only.

philh · November 8, 2023, 10:09am

[Doc] Using of PnP Unity SDK | Documentation | Web3Auth

Build from Web3AuthSample [Unity]

After authenticating, web3auth returns to my game with jwt on the url which contains all user information including private key.

@gaurav
@vjgee
Looking forward to your feedback!

gaurav · November 8, 2023, 1:59pm

@philh That happens only in case of unity editor only and not while using native Android and iOS.

philh · November 8, 2023, 11:26pm

@gaurav
I’m encountering problems with WebGL builds when running them on different platforms like PC, Android, and iOS. It seems to be a specific issue related to WebGL builds, rather than Android and iOS apps.

philh · November 15, 2023, 2:33am

Someone please help me please T_T !!!

vjgee · November 16, 2023, 5:13am

@philh Our Dev team are working on this issue and is taking more time than expected. Please be patient and we will get back when there is a meaningful update to share.

philh · November 17, 2023, 3:09am

@vjgee Thank you for the update. I understand it’s taking more time than anticipated. I appreciate your efforts and patience in resolving this issue. Looking forward to hearing from you when there’s a meaningful update to share. Thank you

system · December 1, 2023, 3:10am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

vjgee · January 5, 2024, 7:14pm

TomTom · February 7, 2024, 7:42pm

hi @philh & @gaurav

I have just tested and I’m not receiving the private key. could you check again if the problem continues ?