All social logins fail on sapphire_mainnet (Growth): feature-access 403 on is_mfa_settings=false, masked by "Cannot redefine property: name"

Describe your issue or question

All Web3Auth social logins (Kakao, Google, etc.) fail in production on sapphire_mainnet. The user only sees Failed to connect with wallet. Cannot redefine property: name. Tracing it through the network tab, there are actually two stacked upstream bugs:

  1. The /citadel-service/v1/signer/feature-access preflight returns 403 (code 1003, “…growth plan … (MFA settings) are not available”) even though our app does not use MFA. The endpoint gates the feature on the mere presence of the is_mfa_settings query param, treating the string "false" (and "0") as truthy.
  2. That 403 is then masked by Cannot redefine property: name, thrown inside the hosted auth.web3auth.io/v11 error class during handleLoginInitiated, so the real “feature not available” message never surfaces.

The exact same code/flow works fine on sapphire_devnet (our preview env), since devnet isn’t gated.

Which platform or framework are you using

Next.js 16.1.6 (App Router) + React 19.2.4 + TypeScript 5.9, with wagmi 3.x / viem 2.52.2, deployed on Vercel. Login via @web3auth/modal/react (useWeb3AuthConnect) and @web3auth/modal/react/wagmi.

Which Web3Auth / Embedded Wallet SDK (name and version)

@web3auth/modal@11.1.1. Hosted login UI: Web3Auth .

  • Network: sapphire_mainnet
  • Plan: Growth — team_id 82312
  • clientId: BJTsiyw70ma2_TaukF334ExXTPMZ9kM0tiehfU4zxt36WwlEISsvTc50eXmpOirHsK275kXFegnRX4MJV8UWVQw

What is not working as expected

Bug A — feature-access gates is_mfa_settings by presence, not value. We configure no MFA (mfaLevel/mfaSettings are never passed). Yet the hosted login sends is_mfa_settings=false in its preflight, and the endpoint 403s. Direct reproduction against the live endpoint, varying only is_mfa_settings:

Request (…&network=sapphire_mainnet&…) HTTP
enable_gating=true (param absent) 200
is_mfa_settings=&enable_gating=true (empty value) 200
is_mfa_settings=false&enable_gating=true 403
is_mfa_settings=0&enable_gating=true 403
is_mfa_settings=true&enable_gating=true 403

false and 0 (meaning “not requesting MFA”) are treated as truthy → feature gated → 403 → all social login blocked on Growth + mainnet. This looks like a server-side if (query.is_mfa_settings) string-truthiness bug. The same presence-based gating applies to is_wallet_service.

Bug B — the 403 is masked by Cannot redefine property: name. When the SDK constructs the error for that 403, the hosted auth.web3auth.io/v11 error class calls Object.defineProperty(this, "name", { value: … }) without configurable: true, throwing TypeError: Cannot redefine property: name and replacing the real message. This was already fixed in npm @web3auth/auth@11.0.0 (it adds configurable: true), and our resolved app-side packages are ≥11 — so the throw is coming from the hosted bundle, which still ships the unfixed error class.

Net: a Growth-plan project on mainnet that uses neither MFA nor Wallet Services still can’t do any social login, and the surfaced error is misleading.

Code snippets

// Web3AuthContext.tsx — note: NO mfaLevel / mfaSettings configured anywhere in the app
const web3AuthOptions: Web3AuthOptions = {

  clientId: config.web3Auth.clientId,

  web3AuthNetwork: WEB3AUTH_NETWORK.SAPPHIRE_MAINNET,

  initialAuthenticationMode: CONNECTOR_INITIAL_AUTHENTICATION_MODE.CONNECT_ONLY,

  walletServicesConfig: {

    loginMode: "plugin",

    confirmationStrategy: CONFIRMATION_STRATEGY.DEFAULT,

    modalZIndex: 99999,

    enableKeyExport: false,

    whiteLabel: { showWidgetButton: false /* … */ },

  },

};

// login (social):

const { connect } = useWeb3AuthConnect();

await connect(); // selecting Kakao/Google → fails with the error below

Exact error and logs

Minimal reproduction (no SDK needed — direct curl to the gating endpoint):

# 403 — a feature we do NOT use, sent as "false":
curl -s "https://api.web3auth.io/citadel-service/v1/signer/feature-access?client_id=BJTsiyw70ma2_TaukF334ExXTPMZ9kM0tiehfU4zxt36WwlEISsvTc50eXmpOirHsK275kXFegnRX4MJV8UWVQw&network=sapphire_mainnet&is_mfa_settings=false&enable_gating=true"

# {"code":1003,"error":"The current subscription plan is growth and requesting features (MFA settings) are not available on growth plan. Please upgrade to a higher plan at https://dashboard.web3auth.io ...","success":false,"metadata":{"team_id":82312}}

# 200 — identical call with the is_mfa_settings param removed:

curl -s "https://api.web3auth.io/citadel-service/v1/signer/feature-access?client_id=BJTsiyw70ma2_TaukF334ExXTPMZ9kM0tiehfU4zxt36WwlEISsvTc50eXmpOirHsK275kXFegnRX4MJV8UWVQw&network=sapphire_mainnet&enable_gating=true"

# {"success":true,"metadata":{"team_id":82312}}

Browser console (trimmed) during social login on mainnet:

GET https://api.web3auth.io/citadel-service/v1/signer/feature-access?client_id=BJTsiyw70...&network=sapphire_mainnet&is_whitelabel=false&session_time=2592000&is_custom_auth=false&is_mfa_settings=false&enable_gating=true   403 (Forbidden)

Response: 403 Forbidden

TypeError: Cannot redefine property: name
    at Object.defineProperty (<anonymous>)
    at new fr (index-BU9VRKq8.js:25:103357)
    at fr.fromCode (index-BU9VRKq8.js:25:103441)
    at fr.invalidParams (index-BU9VRKq8.js:25:103574)
    at fF (index-BU9VRKq8.js:65:1799)
    at async Promise.all (auth.web3auth.io/v11/index 1)
    'Error in handleLoginInitiated'
WalletLoginError: Failed to connect with wallet. Cannot redefine property: name
    at s.fromCode (...)  at s.connectionError (...)
    'Error while connecting via social login (AUTH)'

Package details

Package Version
@web3auth/modal 11.1.1
@web3auth/no-modal (resolved) 11.1.0
@web3auth/auth (resolved) 11.8.1
@web3auth/ws-embed (resolved) 6.1.0
wagmi / viem / mipd 3.6.x / 2.52.2 / 0.0.7
next / react / @tanstack/react-query 16.1.6 / 19.2.4 / 5.90.x

Network: sapphire_mainnet · Plan: Growth · team_id: 82312

What we’d like

  1. Fix feature-access param parsing so is_mfa_settings=false/=0 (and is_wallet_service=false) are not treated as “feature requested” (strict boolean parse, not string truthiness). Today a project that doesn’t use these features is fully blocked on mainnet purely because the hosted login sends the flags with falsey string values.
  2. Fix/redeploy the hosted auth.web3auth.io/v11 error class to add configurable: true (already fixed in @web3auth/auth@11.x on npm) so the real error isn’t masked by Cannot redefine property: name.

Thanks — this is super clear and you’ve done the hard debugging already. Summary: this is an integration/platform bug (not a client misuse). Two upstream problems: (A) citadel-service treats is_mfa_settings/is_wallet_service as truthy when the param is present (e.g. “false”/“0”), causing a 403 on Growth/mainnet; (B) the hosted Web3Auth bundle still contains an old error class that throws “Cannot redefine property: name” and masks the real 403 message.

I have everything I need to escalate: SDK (@web3auth/modal@11.1.1, hosted Web3Auth), network sapphire_mainnet, team_id 82312, clientId BJTsiyw7…, stack trace and curl repro. No further info required right now.

Immediate suggestions you can use today:

  • Short-term unblock: use sapphire_devnet (gating disabled). Not ideal for prod, but works.
  • Best practical workaround: stop using the hosted modal — switch to an embedded / no-hosted flow (Embedded Wallets / Web3Auth embedded/no-modal) so no hosted preflight or hosted bundle runs.
  • Alternate: try JWT/custom auth flows (may or may not avoid the preflight depending on flow).

What I’ll do next (escalation):

  • Open an internal ticket for Platform (citadel-service) to fix strict boolean parsing of is_mfa_settings / is_wallet_service (treat “false”/“0” as false).
  • Open a ticket for Hosted UI to redeploy Web3Auth with the error class fix (Object.defineProperty(…, configurable: true)) so the real error surfaces.

If you want, I can also: (a) attach your curl repro/logs to the ticket (I will), and (b) sketch a minimal migration from @web3auth/modal → Embedded Wallets that preserves your wagmi setup. Which of those would you like me to do? I’ll escalate as soon as you confirm.

Note: This response was generated by an AI bot and may require further verification. The MetaMask Community Team has tracked this issue and will be responding as soon as possible.

Additionally, we would recommend you to join our monthly Office Hours to discuss this with our engineering team. MetaMask Developer Office Hours

yeah please do both a,b

Hi @Giwook could you please confirm what did you mean by a, b and did anything change? Thank you

Hello, I just thought I should reply to the AI. nothing changed. Error still exist.

Understood thank you for the confirmation the team will get back on this very soon. And thanks for reporting

1 Like

Quick follow-up: the same presence-truthy bug also affects the is_wallet_service flag on feature-accessis_wallet_service=false (and =0) returns 403 too, only an absent/empty value passes. And there’s no client-side opt-out: @web3auth/no-modal force-initializes Wallet Services for any EVM chain regardless of config, so the SDK always sends is_wallet_service=true and 403s on Growth+mainnet even for apps that never use Wallet Services. Unlike is_mfa_settings, this one is non-fatal (the SDK swallows the plugin error, so login still resolves) — but it’s the same parsing bug, so please apply the same strict-boolean fix to both is_wallet_service and is_mfa_settings.

1 Like

Any idea when this will be resolved? @shana

Thanks for reminder. Let me check please

1 Like

@Giwook please note team is looking into it - will let you know as soon as possible

1 Like

Thanks for the info!

1 Like