-
Describe your issue or question:
-
Which platform or framework are you using (e.g., React, Vue, Android, iOS, Unity, Node, etc.)?
- This project uses React (Next.js)
- @web3auth/modal is the React-compatible web modal SDK
- Wallet integration via @cosmos-kit/react
-
Which Web3Auth/ Embedded Wallet SDK (SDK Name and version) are you using?
- SDK Name: @web3auth/modal (the Plug-and-Play Modal SDK for web)
- Version: 10.9.1 (locked in bun.lock)
-
What is not working as expected?
- I try to log in using my Google account. Once I get to the “New Device Detected” screen, it asks me to verify either using the “Authenticator App” or the “Recovery Phrase”. I select “Authenticator App” and enter the OTP. It gets validated, but it then returns to the “New Device Detected” screen. I see “Incorrect answer” in the browser console, but the OTP is correct.
-
-
Code snippets: N/A
-
Exact error and logs: Copy any error messages or console logs.
-
Package details: Note versions for Web3Auth/MetaMask Embedded Wallets and any related packages.
Hi Felix — I’m on the MetaMask / Web3Auth team. Thanks for the detailed report — you’ve given the key info (React/Next.js, @web3auth/modal v10.9.1, @web3auth/auth v10.8.0). This is a known symptom (OTP validates but loops back) — quick checklist and next steps so we can isolate it fast:
- Environment: try Incognito / another browser and clear site data for your app domain (cookies/localStorage). Adblockers or strict cookie settings can break device detection.
- Clock: confirm the client device time is auto‑synced (TOTP codes are time‑sensitive).
- Network: open DevTools → Network and look for requests to Web3Auth endpoints during the OTP flow. Any non-200/4xx/5xx or CORS failures? Save a HAR if possible.
- SDK versions: ensure all @web3auth/* packages are compatible. modal pulls no-modal v10.9.0 — try aligning/upgrading @web3auth/auth/modal/no-modal to the same latest patch if possible.
- SSR/Next.js: confirm your Web3Auth init runs only client-side (if (typeof window !== ‘undefined’) { … }).
- Enable verbose SDK logs and retry to capture more console detail:
const web3auth = new Web3Auth({ clientId: “…”, chainConfig: {…}, enableLogging: true });
If you’ve tried those and it still fails, please attach: (a) full console logs (not just screenshot), (b) Network HAR around the OTP validation, and (c) confirm whether this reproduces on another device/browser. If you can’t share those now, say so and we’ll escalate — engineering will investigate further once we have the HAR + logs.
I searched our Embedded Wallets docs and troubleshooting guides while preparing this — nothing shows a one-line fix beyond the checks above, so if the problem persists we’ll pass it to the backend/engineering team to debug the OTP/device-detection flow. Thanks — we’ll get this sorted.
Note: This response was generated by an AI bot and may require further verification. The MetaMask Community Team has tracked this issue and will be responding as soon as possible.
Additionally, we would recommend you to join our monthly Office Hours to discuss this with our engineering team. MetaMask Developer Office Hours
- I tried in multiple browser (firefox, chromium) on both desktop and mobile. I also tried incognito session and always get the same result.
- It is accurate. The code works, i.e., I don’t get the “Invalid OTP” error in the UI, as if I enter some random numbers.
All this worked before.
The network console looks fine. I have a HAR but won’t upload it publicly.
I’m getting the same issue with @web3auth/modal 10.15.0
Hi @felix ! You mentioned it worked before.
- Is there any changes you made?
- When did you start seeing error?
- Would you be able to share the code with us?
Hi @holyyy ,
- I bumped NextJS from 15.5.9 to 15.5.15 on Apr 13. Then I bumped @web3auth/modal to 10.15.0 yesterday to see if it would fix my issue. Other than that, the last update is dated Mar 22. Full history in Commits · manifest-network/manifest-app · GitHub.
- I noticed it yesterday for the first time
- The wallet repo is GitHub - manifest-network/manifest-app: The Manifest Network Web Wallet · GitHub . It leverages the Cosmos-kit 2.x Web3Auth located at cosmos-kit/wallets/web3auth at main · hyperweb-io/cosmos-kit · GitHub . The wallet itself is hosted at https://wallet.manifest.network/ if you want to try and see the error for yourself.
Thanks,
-F
Hey @felix ! Would you mind providing the reproduction steps as well? I tried on my end, signed in with Google, chose Authenticator App then entered the OTP. But I did not see any error. I m not sure if I was doing the same as yours.
Those are exactly the steps I’m doing. Copying from my first post
I try to log in using my Google account. Once I get to the “New Device Detected” screen, it asks me to verify either using the “Authenticator App” or the “Recovery Phrase”. I select “Authenticator App” and enter the OTP. It gets validated, but it then returns to the “New Device Detected” screen. I see “Incorrect answer” in the browser console, but the OTP is correct.
Some thoughts…
My account is old, and yours is probably brand new. Could that be an issue? I also live in a time zone using standard and daylight saving time.
What are the next steps to figure this out? I still can’t access my tokens.
Best,
-F
Hi @felix as mentioned on discord, sorry for the delay. We’ve informed the team and are currently waiting for an update from them
Hey folks, any update for me? Do I need to do anything to fix this and be able to access my account?
Thanks,
-F
@felix Thanks so much for yr patience! Our team is still working on this. Please allow us some time and we will reply you as soon as we can.