Twitch and Twitter logins on shared verifier seem to be broken

rafael.korbas · January 25, 2024, 8:41pm

I’m trying to connect with Twich and Twitter against the shared verifier and after I confirm the login on the respective provider, torus site shows me a “Could not get result from torus nodes”. This can be reproduced also on the Torus wallet https://app.tor.us/ - is this a wider issue?

When I investigated the requests, it seems that the request to https://metadata.tor.us/get_or_set_nonce is failing with an error 500, this is the response payload

{"error":{"message":"pub nonce value is null"},"success":false}

Other providers like Google or Facebook work fine for me

vjgee · January 26, 2024, 3:30am

@rafael.korbas Thanks for your recent communication.

Unfortunately, I was unable to replicate the issue you are describing on app.tor.us with Twitch & Twitter and was able to login without any issues.

Is this happening only with your Twitch & Twitter accounts? Are you able to login directly to Twitch and Twitter websites?

Could you please share verifier, verifier_id/email you are facing the issue with?

Please provide the screenshot of the entire console logs from the error page you land on.

rafael.korbas · January 26, 2024, 8:27am

@vjgee I keep getting the error, this is the failing request

curl 'https://metadata.tor.us/get_or_set_nonce' \
  -H 'authority: metadata.tor.us' \
  -H 'accept: */*' \
  -H 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
  -H 'content-type: application/json; charset=utf-8' \
  -H 'origin: https://auth.web3auth.io' \
  -H 'priority: u=1, i' \
  -H 'sec-ch-ua: "Chromium";v="119", "Not?A_Brand";v="24"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"' \
  -H 'sec-fetch-dest: empty' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: cross-site' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36' \
  -H 'x-api-key: torus-default' \
  --data-raw '{"pub_key_X":"501cd314da7b02ae08330b88fd3ff1dc23146effe99f0cdc1e2b6b9f04b6de19","pub_key_Y":"c92c782af3f8fa4d065d4282eba44fa142831839dae23fafa6fda47e6afbb697","set_data":{"data":"getNonce","timestamp":"65b36c50"},"signature":"j7vGb0LpDB35yn3IkvymAQLV0Xn2G90s4lrNU5brbKzZzDw9b3LYqD3H+o2OadbKnctXvF3IAI15s40oKi60mAA="}' \
  --compressed

and the response:

{"error":{"message":"pub nonce value is null"},"success":false}

The request asking for verifier id and the public info is the following:

curl 'https://fnd.web3auth.io/node-details?network=mainnet&verifier=tkey-auth0-twitter&verifierId=twitter|2837270297' \
  -H 'authority: fnd.web3auth.io' \
  -H 'accept: */*' \
  -H 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
  -H 'if-none-match: W/"75d-IFWThLjKdipMZbf9Vxcgv3I8coY"' \
  -H 'origin: https://auth.web3auth.io' \
  -H 'priority: u=1, i' \
  -H 'sec-ch-ua: "Chromium";v="119", "Not?A_Brand";v="24"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"' \
  -H 'sec-fetch-dest: empty' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: same-site' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36' \
  --compressed

Could you please check what could be the issue here? If you need any more info to investigate, I can provide it

I’m not completely sure right now, but at some moment in the past I think web3auth asked me to set a second factor (passphrase/password), however, if that was the case, I didn’t get the chance to insert it during these failed logins, it just failed

vjgee · January 26, 2024, 8:31am

And this happens only on app.tor.us correct?

Do you have a Dapp URL so I can check the behavior from my side?

rafael.korbas · January 26, 2024, 8:34am

It happens to me on app.tor.us, but also on our wallet https://wallet.nu.fi/ which uses the no-modal PnP integration and shared verifier to log in through twitter (i.e. the same verifier/network, if I’m not mistaken)

vjgee · January 26, 2024, 8:51am

Please share your package.json file

rafael.korbas · January 26, 2024, 9:13am

web3auth/torus dependencies we have in the project

{
  "dependencies": {
    ...
    "@toruslabs/fetch-node-details": "^13.1.1",
    "@toruslabs/torus.js": "^12.1.0",
    ...
    "@web3auth/base": "^7.0.1",
    "@web3auth/base-provider": "^7.0.1",
    "@web3auth/no-modal": "^7.0.1",
    "@web3auth/openlogin-adapter": "^7.0.1",
    "@web3auth/single-factor-auth": "https://github.com/nufi-official/single-factor-auth-web/releases/download/discord_support/web3auth-single-factor-auth-7.2.2.tgz",
  }
}

relevant login code


import {Web3AuthNoModal} from '@web3auth/no-modal'
import {OpenloginAdapter, OpenloginUserInfo} from '@web3auth/openlogin-adapter'
import {CHAIN_NAMESPACES, WALLET_ADAPTERS} from '@web3auth/base'
import {CommonPrivateKeyProvider} from '@web3auth/base-provider'


const chainConfig = {
  chainNamespace: CHAIN_NAMESPACES.OTHER,
  // these are just dummy values, they are not used,
  // but without them Web3Auth throws an error
  chainId: '0x1',
  rpcTarget: 'https://dummy.target',
  displayName: '',
  blockExplorer: '',
  ticker: '',
  tickerName: '',
}

const web3Auth = new Web3AuthNoModal({
  clientId: web3AuthClientId,
  web3AuthNetwork,
  chainConfig,
  sessionTime,
})
const privateKeyProvider = new CommonPrivateKeyProvider({
  config: {chainConfig},
})

const openloginAdapter = new OpenloginAdapter({
  privateKeyProvider,
  adapterSettings: {
    clientId: web3AuthClientId,
    network: web3AuthNetwork,
    uxMode: 'popup',
  },
})
web3Auth.configureAdapter(openloginAdapter)

await web3Auth.init()
  
if (web3Auth.connected) {
  await web3Auth.logout()
}

const provider = await web3Auth.connectTo(WALLET_ADAPTERS.OPENLOGIN, {
  mfaLevel: 'none', // Pass on the mfa level of your choice: default, optional, mandatory, none
  loginProvider,
})

const privateKey = Buffer.from(
  (await web3Auth.provider!.request({
    method: 'private_key',
  })) as string,
  'hex',
)
const userInfo = await web3Auth.getUserInfo()

return {
  privateKey,
  userInfo,
}

rafael.korbas · January 26, 2024, 9:30am

The error I get on https://solana.tor.us while logging in thorugh twitter is more explicit:

Unable to detect login share from the Auth Network. This may be due to slow internet connection. Check your internet speed and try again. If you're using a vpn, please turn it off.

While the same request fails in the background. So I guess it may have something to do with the metadata of my particular account being corrupted, though I’m wondering how and if there’s a way to fix it (or at least avoid it for other users, which of course bothers us more). I think the web3auth popup at some point “asked” me to set the second factor (and I’ve seen no option to skip it), maybe on first login, though if that’s the case, I don’t understand why, because we have set mfaLevel: 'none' explicitly in our code

vjgee · January 26, 2024, 2:18pm

@rafael.korbas Please navigate to the left hand side Menu . Scroll down to find Messages > Inbox > New Message . I’ve sent you a DM to share securely your Twitch user name and Twitter handle details so our team can check.

vjgee · January 29, 2024, 3:24am

I noticed you are using some outdated packages. Could you please upgrade them to the latest versions:

“@web3auth/base”: “^7.3.1”,
“@web3auth/base-provider”: “^7.3.1”,
“@web3auth/no-modal”: “^7.3.1”,
“@web3auth/openlogin-adapter”: “^7.3.1”,

Please also mention which web3AuthNetwork is your Dapp https://wallet.nu.fi/ configured?

rafael.korbas · January 29, 2024, 9:48am

@vjgee - https://wallet.nu.fi is configured for legacy mainnet. Sure I can update the packages, though https://app.tor.us is failing in the same way for me (as it uses the same network/verifiers, as far as I know and observed). Actually, I was pasting the failed requests/error messages primarily from there, not from https://wallet.nu.fi

vjgee · January 29, 2024, 10:01am

Yes, I have shared your account details for Twitter and Twitch for our team to check. However, I was able to replicate the MFA behavior with my Twitch account on your Dapp initially and now I cannot login to app.tor.us with the same account , get the same error https://metadata.tor.us/get_or_set_nonce . I did not face the issue with Twitter.

I will await your reply on the behavior after upgrading package versions.

rafael.korbas · January 29, 2024, 1:25pm

I see, we deployed our wallet with the libs above updated to v7.3.1 on staging which is configured for the same web3auth network, so you can try it there. I shared our staging environment URL in the private thread

I tried logging in with my twitter account there and it still fails with the same error. I also created another twitter account but I wasn’t able to reproduce the issue again with that new account, web3auth just let me log in with no issues without prompting me to setup a backup share

rafael.korbas · January 31, 2024, 8:48am

@vjgee did you have any progress finding the root cause/fix with our staging app updated to the latest version of web3auth libs? The production version still has 7.0.1 libs. Just curious - what were the steps to reproduce the issue on your end?

vjgee · January 31, 2024, 8:53am

Our team are working on it and will get back once there is an update.

Thanks for your patience.

vjgee · February 1, 2024, 9:41am

@rafael.korbas Could you let me know if you have funds on your Twitter and Twitch account?

rafael.korbas · February 1, 2024, 9:47am

@vjgee I don’t have any funds there. Of course I can’t completely rule out that other users were impacted, however nobody reached our support in relation to that so far

vjgee · February 23, 2024, 8:27am

@rafael.korbas Our team have fixed the accounts you communicated privately and you should not receive the pub nonce value is null error now and you should be able to login with the second factor.