Hello,
We migrated our code from Torus 11 to SFA 7, and since have been getting different private keys from Web3Auth. This is a critical issue as our users have lost access to their old accounts. Can you please investigate this issue and confirm that future SDK changes will not change user private keys?
- SDK Version: @toruslabs/torus.js@11.0.5 → @web3auth/single-factor-auth@7.0.1
- Platform: Web (Chrome/Safari)
- Verifier Name: acme-prod-iss
- JWKS Endpoint: https://acmedao.us.auth0.com/.well-known/jwks.json
- Sample idToken (JWT): eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InJJeDJ1UmVXSGJ5S3VLTFdzRDZGYyJ9.eyJnaXZlbl9uYW1lIjoiTHVjYXMiLCJmYW1pbHlfbmFtZSI6IjAiLCJuaWNrbmFtZSI6Imx1Y2FzLjB4MDAwIiwibmFtZSI6Ikx1Y2FzIDAiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDMuZ29vZ2xldXNlcmNvbnRlbnQuY29tL2EvQUNnOG9jSVFiQXJfeWc1MlB5UGFJZmxPYjBoTnVaNkgxZXJvc190aHhadm9uN1V5PXM5Ni1jIiwibG9jYWxlIjoiZW4iLCJ1cGRhdGVkX2F0IjoiMjAyMy0xMS0xOFQwNjo0NjowMS40MDVaIiwiZW1haWwiOiJsdWNhcy4weDAwMEBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiaXNzIjoiaHR0cHM6Ly9hY21lZGFvLnVzLmF1dGgwLmNvbS8iLCJhdWQiOiJUYThCMzVDZnMyZUJQQTdaZ1FhQ0thMlU0SUFYNnZuZyIsImlhdCI6MTcwMDI4OTk2NSwiZXhwIjoxNzAwMzI1OTY1LCJzdWIiOiJnb29nbGUtb2F1dGgyfDExNDM4MzEwODUwMjE0OTM1MTE5MCIsInNpZCI6Ii1MYVpQamdZRFZwRXFldFFfOUo4Q2tZV180ZFE4NVpwIiwibm9uY2UiOiJhRmhPTlRNMlVFbGtWemRXZW5WSlNrOUpZVkJwY0RSaVpIWlpUMW8xWW5GeFlYcFhiQzB4YUdwUGFRPT0ifQ.Y4N-SIlQiBEVHyAxjlxp2n2vF6HrzLa1L0g95arvS0fZeETuJcOLRbu1njISRFKHnHFGuOBPkd7C2mhHEb0ERjyS19WW9U4fzyiTBs6BrweO2BD1TUbMzaamU9P0wdQ1vjV-maVKeogyp5tXEKfM-P7BX5KgFBAPPgMQalPN6lRbAhPeBk1FZ739LSmjlTc3D5YsG4wsQGBuAh036e06uyuT8240rsMUGtEuybWJ8BG8P69HmVHCQlow6b5J4nLjzOrX6WMfziz-bTd2C_6pREdrFGNJolgUJu0b8jctLGb_DbwPNudcXQpWZItCCQymSJPFm972oF-BIP_FXqBXFQ
Torus 11 Code Initialization Snippet
const {
EthereumPrivateKeyProvider: EthereumPrivateKeyProvider,
FetchNodeDetails: FetchNodeDetails,
TorusUtils: TorusUtils,
subkey: subkey,
toHex: toHex,
ethers: Ethers,
} = await import(“@/utilities/loaders/contexts.auth”);
const Torus = new TorusUtils({
allowHost: "https://signer-polygon.tor.us/api/allow",
clientId: web3auth_client_id,
enableOneKey: true,
// @ts-ignore
network: {
development: "sapphire_devnet",
production: "sapphire_mainnet",
staging: "sapphire_devnet",
}[environment],
});
const {
torusNodeEndpoints: torus_node_endpoints,
torusIndexes: torus_indexes,
} = await new FetchNodeDetails().getNodeDetails({
verifier: web3auth_verifier_name,
verifierId: jwt_verifier_id,
});
// TODO: add support for non EVM chains
var chain_id: string | number = 80001;
var chain_rpc: string = "https://rpc-mumbai.matic.today";
if (Store.transaction_summary) {
chain_id = Store.transaction_summary!.chain_id;
chain_rpc = Store.transaction_summary!.chain_rpc;
}
// Get the EVM chain details
const {
data: chain_details,
} = await axios.get<ChainDetails>(`/assets/evm-chains/${chain_id}.json`);
// Initialise Ethereum provider
const EthereumProvider = new EthereumPrivateKeyProvider({
config: {
chainConfig: {
blockExplorer: chain_details.explorer.url,
chainId: toHex(parseInt(`${chain_id}`, 10)),
displayName: chain_details.name,
rpcTarget: chain_rpc,
ticker: chain_details.native_currency.symbol,
tickerName: chain_details.native_currency.name,
},
},
});
const private_key = subkey(
await Torus.retrieveShares(
torus_node_endpoints,
torus_indexes,
web3auth_verifier_name,
{
verifier_id: jwt_verifier_id,
},
jwt,
)
.then(key_details => key_details.finalKeyData.privKey!.padStart(64, "0")),
Buffer.from(web3auth_client_id, "base64"),
).padStart(64, "0");
SFA 7 Code Initialization Snippet
const {
CHAIN_NAMESPACES: CHAIN_NAMESPACES,
CommonPrivateKeyProvider: CommonPrivateKeyProvider,
// EthereumPrivateKeyProvider: EthereumPrivateKeyProvider,
Web3Auth: Web3Auth,
ethers: Ethers,
} = await import(“@/utilities/loaders/contexts.auth”);
// Get the chain config from either the transaction details or use
// Polygon as a default
const chain_id = Store.transaction?.summary?.chain_id || {
development: "80001",
production: "137",
staging: "80001",
}[environment]!;
const chain_rpc = Store.transaction?.summary?.chain_rpc || {
development: "https://mumbai.rpc.thirdweb.com",
production: "https://ancient-wider-field.matic.quiknode.pro/d963c69841c874b348148388d3036c2aeadecd90",
staging: "https://mumbai.rpc.thirdweb.com",
}[environment]!;
const {
data: chain_details,
} = await axios.get<ChainDetails>(`/assets/evm-chains/${chain_id}.json`);
const chain_config = {
blockExplorer: chain_details.explorer.url,
chainId: "0x" + parseInt(chain_id as string).toString(16),
chainNamespace: CHAIN_NAMESPACES.OTHER,
displayName: chain_details.name,
rpcTarget: chain_rpc,
ticker: chain_details.native_currency.symbol,
tickerName: chain_details.native_currency.name,
};
// Initialise Web3Auth
const web3auth = new Web3Auth({
clientId: web3auth_client_id,
// @ts-ignore
web3AuthNetwork: {
development: "sapphire_devnet",
production: "sapphire_mainnet",
staging: "sapphire_devnet",
}[environment],
});
await web3auth.init(new CommonPrivateKeyProvider({
config: {
chainConfig: chain_config,
},
}));
// Get the private key from Web3Auth
const private_key = await (
await web3auth.connect({
idToken: jwt,
verifier: web3auth_verifier_name,
verifierId: jwt_sub,
})
)!.request({ method: "private_key" });