The verify function in the Server-Side Verification v10 example is not working as expected when using social login providers (e.g., Google, Facebook). While the login flow completes successfully on the client side, the server fails to properly verify the identity token, resulting in authentication errors or failed verification responses. I think the function to get the pubKey is not correct.
When asking for help in this category, please make sure to provide the following details:
- SDK Version(package.json): 10.0.0
- Platform: Web
- Browser Console Screenshots:
- If the issue is related to Custom Authentication, please include the following information (optional):
- Verifier Name:
- JWKS Endpoint:
- Sample idToken (JWT):
Also, kindly provide the Web3Auth initialization and login code snippet below. This will help us better understand your issue and provide you with the necessary assistance.
Thank you for sharing the details! Here’s a summary of your issue for the support team:
Issue Summary
- SDK: Web3Auth Plug and Play (PnP) Web SDK
- SDK Version: 10.0.0
- Platform: Web
- Problem: The Server-Side Verification v10 example’s verify function is not working as expected with social login providers (e.g., Google, Facebook). The client-side login flow completes, but server-side verification of the identity token fails, leading to authentication errors or failed verification responses. You suspect the function to get the pubKey may be incorrect.
- Browser Console Screenshots: Not provided
- Custom Authentication Details: Not specified (using social login providers)
Next Steps
To help the team diagnose the issue faster, could you please provide:
- The Web3Auth initialization and login code snippet you’re using on the client.
- (Optional) Any relevant server-side code for the verify function, especially how you’re fetching and using the pubKey.
- (Optional) Any error messages or logs from your server during the verification attempt.
Possible Solution & Resources
- Ensure you’re using the correct method to fetch the public key (pubKey) for the social provider and that the JWKS endpoint matches the provider (e.g., Google’s JWKS for Google logins).
- Double-check that you’re verifying the idToken with the correct audience and issuer as per the provider’s docs.
- Review the Server Side Verification Guide for v10 and compare your implementation.
If you can share the requested code snippets or error logs, the support team can provide more targeted help!
Let me know if you need guidance on how to extract or redact sensitive info before sharing code.
Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.
Additionally, we would recommend you to join our biweekly Office Hours to get this resolved even faster. Web3Auth Developer Office Hours
Hey @dev.dchain.share
Thanks a lot for pointing this issue out. I have fixed the example, you can move ahead with your implementation. The function to get pubKey was correct, the issue was the way we were verifying it. Feel free to open up a new issue as needed.
1 Like
Thank you! I’ve encountered two additional issues with the v10 login implementation from your example:
- Logout with External Wallet (MetaMask):
On the initial login, the MetaMask extension is detected correctly. However, after logging out and attempting to log in again, MetaMask is no longer recognized as an installed extension—the UI instead prompts to download it.
- Switching from Social Login to External Wallet:
After logging in with a social provider and then logging out, if I log in again using an external wallet, the useAccount hook from Wagmi doesn’t reflect the connected wallet address. It returns undefined.
Could you please help with resolving these two issues? I’d really appreciate your support!
I’m facing the same issues on my end as well