React Native SDK enableMFA() fails with "Missing domain"

Help - Plug n Play PnP React Native SDK
1

Hi,

Getting “Invalid params for jwt login. Missing domain” when calling enableMFA() and tapping “continue with JWT”.


      this.web3authInstance = new Web3Auth(WebBrowser, secureStoreWrapper, {
        clientId: WEB3AUTH_CLIENT_ID,
        network: (WEB3AUTH_NETWORK_ENV as any) || WEB3AUTH_NETWORK.SAPPHIRE_DEVNET,
        redirectUrl: REDIRECT_URL, // matches app.json scheme
        privateKeyProvider,
        loginConfig: {
          jwt: {
            verifier: WEB3AUTH_VERIFIER,
            verifierSubIdentifier: WEB3AUTH_SUB_VERIFIER,
            typeOfLogin: 'jwt',
            clientId: WEB3AUTH_CLIENT_ID,
          },
        },
        useCoreKitKey:true,
        enableLogging: true,
      });
      await this.web3authInstance.init();
      await this.web3authInstance.login({
        loginProvider: LOGIN_PROVIDER.JWT,
        mfaLevel: 'optional',
        extraLoginOptions: {
          id_token: userJwtToken,
          verifierIdField: 'sub',
          domain: WEB3AUTH_DOMAIN, // <- tried also without this parameter
          isUserIdCaseSensitive: false
        },
        curve: 'secp256k1',
        dappShare: 'true',
        
      });
     await this.web3authInstance.enableMFA()

I also tried with this, but it seems to want to visit the domain for some reason in the WebView (web3auth webview opens the given domain):

        // Call login AGAIN even if already logged in, to inject jwt, before calling enableMfa
        await this.web3authInstance.login({
          loginProvider: LOGIN_PROVIDER.JWT,
          mfaLevel: 'optional' as any,
          extraLoginOptions: {
            id_token: idToken,
            verifierIdField: 'sub',
            domain: WEB3AUTH_DOMAIN,
            isUserIdCaseSensitive: false,
          },
          curve: 'secp256k1',
          dappShare: 'true',
        })

      await this.web3authInstance.enableMFA()

I can set up MFA in the login flow (when mfa set to ‘optional’), but I dont want to have the setup in the login flow, I want to add a button in Settings to “Enable MFA”.

2

Thanks for the detailed report! Here’s a summary of your issue for the support team, along with some initial suggestions:

Issue Summary

  • SDK: Web3Auth Plug and Play (PnP) React Native SDK
  • Platform: React Native (assumed, please specify iOS/Android if relevant)
  • Integration Type: Custom JWT login (using loginProvider: JWT)
  • Problem:
    When calling enableMFA() after a successful JWT login, you get the error:

    “Invalid params for jwt login. Missing domain”
    This occurs even when passing the domain parameter in extraLoginOptions.
    Additionally, when you try to call login again before enableMFA, the WebView opens the domain URL, which is not the desired behavior.

  • Goal:
    You want to allow users to enable MFA from a “Settings” screen, not during the login flow.

Provided Details

  • Initialization & Login Code:
    You provided code snippets for both initialization and login, including the use of extraLoginOptions with domain, id_token, etc.
  • Verifier Details:
    • verifier: Custom verifier (JWT)
    • verifierSubIdentifier: Provided
    • domain: Provided in extraLoginOptions
  • MFA Flow:
    • Works if mfaLevel: 'optional' is set during login (i.e., in login flow)
    • Fails when trying to trigger enableMFA() separately

Follow-up Questions

To help the support team further, could you please clarify:

  1. SDK Version: Which version of the PnP React Native SDK are you using?
  2. Platform: Is this on iOS, Android, or both?
  3. JWT Details:
    • Are you using a public JWKS endpoint, or is it a self-signed JWT?
    • If possible, please share a sample (redacted) JWT and your JWKS endpoint (if public).
  4. Console/Error Logs:
    • If you have any browser console or debug logs/screenshots from the WebView, please attach them.

Initial Suggestions

  • Domain Parameter:
    For JWT logins, the domain in extraLoginOptions must match the domain configured in your Web3Auth dashboard for your custom verifier. Double-check that the value matches exactly.

  • Separate MFA Setup:
    The enableMFA() method is intended to trigger the MFA setup UI after a user is already logged in. However, with JWT, the session may require a fresh JWT or may not persist as expected.

    • Try calling enableMFA() immediately after a successful login (without a second login call) and ensure the session is still valid.
    • If the session is lost, you may need to pass a fresh, valid JWT token.

  • Reference Docs:

Let us know the answers to the above questions, and if you can share any logs or screenshots, that would be very helpful for troubleshooting!

Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.

Additionally, we would recommend you to join our biweekly Office Hours to get this resolved even faster. Web3Auth Developer Office Hours

3
  1. Self signed JWT
  2. Domains match
  3. React Native SDK 8.1.0
  4. iOS and Android both