SFA fails with unable to verify jwt

Hey, I do have OAuth sign-in with Clerk in my browser extension, and from there I’m passing the token to SFA in order to connect the user like this:

    const result = await this.web3auth.connect({
      verifier: "w3a-auth0-github",
      idToken,
      verifierId: sub
    })

I’m using public credentials from here https://github.dev/Web3Auth/web3auth-core-kit-examples/tree/main/single-factor-auth-web/sfa-web-custom-jwt-example

Now the problem is that my JWT looks like this:

encoded: eyJhbGciOiJSUzI1NiIsImNhdCI6ImNsX0I3ZDRQRDExMUFBQSIsImtpZCI6Imluc18yblZtRjdma3h3 - Pastebin.com

decoded:

{
  "exp": 1729076972,
  "iat": 1729076912,
  "iss": "https://advanced-ray-31.clerk.accounts.dev",
  "nbf": 1729076902,
  "sid": "sess_2nVvvSS7AMYqcP8SXDkxRzCCIsv",
  "sub": "user_2nVmhEeNCAOrMHFeJOvZxAbe2xV"
}

And when I try to verify, I do get:

Uncaught (in promise) Error: Error occurred while verifying params unable to verify jwt token, [failed to verify jws signature: failed to verify message: crypto/rsa: verification error failed to verify jws signature: failed to verify message: crypto/rsa: verification error]

I’m trying to understand: is this problem coming from the JWT itself that is provided by Clerk, or is it because I’m using the public configuration and it fails to decode it?

Hello am3136#0! Thanks for reaching out and providing such detailed information about your issue.

From what you’ve shared, it seems you’re experiencing a problem with JWT verification while using the SFA Node SDK. Here’s a summary of the details for our support team:

  • SDK Details: SFA Node SDK
  • SDK Version: (not provided, please include if known)
  • Platform: (not provided, please mention if applicable)
  • Issue: Unable to verify JWT token when connecting with Web3Auth
  • Web3Auth Initialization Code Snippet:
    const result = await this.web3auth.connect({
      verifier: "w3a-auth0-github",
      idToken,
      verifierId: sub
    })
    
  • JWT Details:
    • Encoded JWT Link: Pastebin
    • Decoded JWT:
      {
        "exp": 1729076972,
        "iat": 1729076912,
        "iss": "https://advanced-ray-31.clerk.accounts.dev",
        "nbf": 1729076902,
        "sid": "sess_2nVvvSS7AMYqcP8SXDkxRzCCIsv",
        "sub": "user_2nVmhEeNCAOrMHFeJOvZxAbe2xV"
      }
      
  • Error Message:
    Error occurred while verifying params unable to verify jwt token, [failed to verify jws signature: failed to verify message: crypto/rsa: verification error]
    

Regarding your question, the error you’re encountering could indeed stem from either the JWT itself or the verification setup. Here are a couple of things you might want to check:

  1. Ensure that your JWT is properly signed with a public key that corresponds to the private key used by the issuer (Clerk in your case).
  2. Verify if the public configuration utilized in your integration is correctly set up to accept this JWT.

If any additional specific details about your SDK version or platform arise, feel free to provide that, as it will help in troubleshooting further!

Looking forward to assisting you further!

Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.

Yeah after configuring custom verifier on web3auth now everything is working :pray:

Hey @mitevandon94
You’re getting this error because the verifier you’ve used is the one from our demos and the JWT idToken you’re passing is your own. You might have to create a new verifier, keeping the iss as the validation field and putting the value for that as https://advanced-ray-31.clerk.accounts.dev in the Web3Auth Dashboard for the verifier that you’ve created.
Here’s the section in docs that would be of assistance to you: https://web3auth.io/docs/auth-provider-setup/byo-jwt-provider/#set-up-custom-jwt-verifier
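
A decode-only pre-flight check for the mismatch described in the reply above, added here as an example (not code from the thread or from Web3Auth). The `expected` object, the `preflightIdToken` name, the header `kid` value and the `issuer.example.invalid` URL are assumptions made for illustration; the payload is the one posted in the thread.

```javascript
// Added example: decode-only pre-flight check. It does NOT verify the signature;
// the verifier does that against the key set configured for it.
function b64urlToJson(part) {
  const b64 = part.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  const obj = JSON.parse(new TextDecoder().decode(bytes));
  if (obj === null || typeof obj !== "object") throw new Error("not a JSON object");
  return obj;
}

// `expected` is a hypothetical object mirroring the verifier's settings.
function preflightIdToken(idToken, verifierId, expected, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(idToken).split(".");
  if (parts.length !== 3) return ["not a compact JWS (expected 3 dot-separated parts)"];
  let header, claims;
  try {
    header = b64urlToJson(parts[0]);
    claims = b64urlToJson(parts[1]);
  } catch (e) {
    return ["header or payload is not base64url-encoded JSON"];
  }
  const problems = [];
  if (header.alg !== expected.alg) problems.push(`alg is ${header.alg}, verifier expects ${expected.alg}`);
  if (!header.kid) problems.push("no kid in header to select the verification key");
  if (claims.iss !== expected.iss) problems.push(`iss is ${claims.iss}, verifier validates ${expected.iss}`);
  if (claims[expected.verifierIdField] !== verifierId) {
    problems.push(`verifierId does not equal the ${expected.verifierIdField} claim`);
  }
  const skew = expected.clockSkewSec ?? 0;
  if (typeof claims.exp === "number" && nowSec > claims.exp + skew) problems.push("token expired");
  if (typeof claims.nbf === "number" && nowSec < claims.nbf - skew) problems.push("token not yet valid");
  return problems;
}

// Constructed sample: payload copied from the post; header and signature are placeholders.
const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const samplePayload = {
  exp: 1729076972, iat: 1729076912, nbf: 1729076902,
  iss: "https://advanced-ray-31.clerk.accounts.dev",
  sid: "sess_2nVvvSS7AMYqcP8SXDkxRzCCIsv", sub: "user_2nVmhEeNCAOrMHFeJOvZxAbe2xV",
};
const sampleToken = [enc({ alg: "RS256", kid: "constructed-kid" }), enc(samplePayload), "c2ln"].join(".");

// Settings of a verifier created for the poster's issuer, and a placeholder for some other verifier.
const ownVerifier = { alg: "RS256", iss: samplePayload.iss, verifierIdField: "sub" };
const otherVerifier = { alg: "RS256", iss: "https://issuer.example.invalid", verifierIdField: "sub" };
console.log(preflightIdToken(sampleToken, samplePayload.sub, ownVerifier, 1729076920));
console.log(preflightIdToken(sampleToken, samplePayload.sub, otherVerifier, 1729077000));
```

The posted token is valid for only 60 seconds (`exp` minus `iat`), so a token that is copied out and retried later will also be reported as expired.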