Web3Auth Domain Whitelisting Issue - Production Domain whitelisting Not Working on phone devices

labsalpha28 · August 5, 2025, 5:45am

Web3Auth authentication works perfectly on both localhost and Vercel preview URLs, but fails on the production domain https://coinrotator.app with a domain validation error:

“There is a bug in your code. Please contact support. (Make sure your domain is whitelisted and it’s on the Sapphire network).”

However, we are using the Sapphire network, and the domain is whitelisted.

Authentication works flawlessly for both web and mobile at our preview deployment:
https://coinrotator-git-ai-playground-teamxx.vercel.app/

But on our live production domain:
https://coinrotator.app
—it fails on mobile devices and throws the domain validation error mentioned above.

// Environment-specific client ID selection
const getEnvironmentConfig = () => {
if (typeof window === ‘undefined’) {
return { isDev: false, clientId: productionClientId, network: WEB3AUTH_NETWORK.SAPPHIRE_MAINNET };
}

const hostname = window.location.hostname;

// Localhost uses development
if (hostname === ‘localhost’ || hostname === ‘127.0.0.1’) {
return { isDev: true, clientId: developmentClientId, network: WEB3AUTH_NETWORK.SAPPHIRE_DEVNET };
}

// Production domain uses production config
if (hostname === ‘coinrotator.app’ || hostname === ‘www.coinrotator.app’) {
return { isDev: false, clientId: productionClientId, network: WEB3AUTH_NETWORK.SAPPHIRE_MAINNET };
}

// Fallback for preview URLs
return { isDev: true, clientId: developmentClientId, network: WEB3AUTH_NETWORK.SAPPHIRE_DEVNET };
};

const envConfig = getEnvironmentConfig();

// Web3Auth initialization
const web3authInstance = new Web3Auth({
clientId: envConfig.clientId,
web3AuthNetwork: envConfig.network,
chainConfig: defaultChainConfig,
enableLogging: envConfig.isDev,
storageKey: “local”,
uiConfig: {
loginMethodsOrder: [“google”, “twitter”, “apple”, “email_passwordless”],
hideExternalWallets: false,
uxMode: “popup”,
primaryButton: “socialLogin”,
},
sessionTime: 86400,
});

Stack:

Next.js: 13.4.7
@web3auth/modal: 10.0.4
@web3auth/base: 9.7.0
Network: Sapphire Mainnet

Any guidance on resolving this domain whitelisting issue would be greatly appreciated!

w3abot · August 5, 2025, 5:48am

Thank you for the detailed report! Here’s a summary of your issue and the key details for the support team:

Issue Summary

Problem: Web3Auth domain whitelisting error on production domain (https://coinrotator.app)—works on localhost and Vercel preview URLs, but fails on production (especially on mobile) with the error:

“There is a bug in your code. Please contact support. (Make sure your domain is whitelisted and it’s on the Sapphire network).”
Expected: Authentication should work on the production domain as it does on preview and localhost.
Actual: Authentication fails on production domain on mobile devices.

Integration Details

SDK: Web3Auth Plug n Play (PnP)
Platform: Next.js 13.4.7 (Web)
Web3Auth SDK Versions:
- @web3auth/modal: 10.0.4
- @web3auth/base: 9.7.0
Network: Sapphire Mainnet
Domain Whitelisting: Confirmed that https://coinrotator.app is whitelisted in the Web3Auth dashboard.
Client ID Selection: Environment-based, with correct clientId and network for production domain.
Preview Domain (works): https://coinrotator-git-ai-playground-teamxx.vercel.app/
Production Domain (fails): https://coinrotator.app

Initialization Code Snippet

const web3authInstance = new Web3Auth({
  clientId: envConfig.clientId,
  web3AuthNetwork: envConfig.network,
  chainConfig: defaultChainConfig,
  enableLogging: envConfig.isDev,
  storageKey: "local",
  uiConfig: {
    loginMethodsOrder: ["google", "twitter", "apple", "email_passwordless"],
    hideExternalWallets: false,
    uxMode: "popup",
    primaryButton: "socialLogin",
  },
  sessionTime: 86400,
});

(Full environment config logic provided in original message)

Additional Notes

Error only occurs on mobile devices for the production domain.
No mention of custom authentication/JWT/Firebase verifier in the error context—appears to be standard social login via Web3Auth Modal.
No browser console screenshots provided—these could be helpful for further debugging.

Next Steps / Suggestions

Double-check domain whitelisting:
- Ensure both https://coinrotator.app and https://www.coinrotator.app are whitelisted (including both with and without www).
- Make sure there are no trailing slashes or typos in the whitelisted domains in the Web3Auth Dashboard.
Mobile-specific issues:
- Sometimes mobile browsers (especially iOS Safari/Chrome) handle domain origins or cookies differently. Try clearing cache/cookies or testing in incognito mode.
- If using a custom domain redirect or proxy, ensure the final domain seen by the browser matches the whitelisted domain exactly.
Check for CORS or HTTPS issues:
- Ensure the production domain is fully served over HTTPS and there are no mixed content warnings.
Enable logging for production:
Temporarily set enableLogging: true for production to capture more detailed logs.
Browser Console Logs:
If possible, provide screenshots or text output from the browser console on a failing device. This will help pinpoint if the SDK is picking up the correct domain and clientId.
Reference Docs:
- Web3Auth Domain Whitelisting Guide
- Web3Auth Modal SDK Setup

If you can, please provide:

A screenshot of the browser console from a mobile device when the error occurs.
Confirmation that both https://coinrotator.app and https://www.coinrotator.app are whitelisted.
Any additional error details from the network tab or logs.

Thank you for your thorough report! The support team will review this information. If you can provide the requested screenshots or confirm the whitelisting status, it will help expedite troubleshooting.

Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.

Additionally, we would recommend you to join our biweekly Office Hours to get this resolved even faster. Web3Auth Developer Office Hours

labsalpha28 · August 5, 2025, 5:55am

screenshots from mobile console debugging, and vercel.

rushaniya.roy · August 5, 2025, 9:04am

Hi which OS Android or iOS have you tested

maharshi · August 5, 2025, 9:34am

Please console log and check if you’re passing the client id from the env correctly in the prod env.

labsalpha28 · August 5, 2025, 8:58pm

it worked! thanks for the instant support guys! Appreciated

system · August 7, 2025, 8:59pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.