Flutter SDK for embedded wallet - custom JWT login

Hi team,

Earlier today I received feedback from Yash. By the way, thanks for sharing the flutter-auth0-example.
We reviewed it carefully and aligned our Flutter app with the parts that seemed generally applicable.
However, our case is different from that example in one important way, because we are not using Auth0 as the identity provider. We are using a Custom JWT connection with:

a. our own backend-issued JWT
b. our own JWKS endpoint
c. Provider.jwt in Flutter

The Auth0 example appears to be built around an Auth0-based custom authentication flow, where Auth0-specific configuration is part of the setup. Our setup is backend-issued Custom JWT instead. At this point, we have validated the following on our side:

a. the JWT is structurally valid
b. the JWT verifies successfully against our remote JWKS
c. the callback reaches Android correctly through onNewIntent
d. the app resumes in the same process after redirect
e. but no wallet session is surfaced afterward, and getPrivKey() still returns “No user found, please login again!”

So the remaining issue seems to happen after the redirect returns to the app and before the wallet session is finalized.
Because of that, the Auth0 example has not helped us isolate the root cause for our specific setup. It is useful as a general Flutter reference, but it does not appear to cover the exact path we are using: backend-issued Custom JWT + remote JWKS + Provider.jwt.
Could you please help us with one of the following?
1. A working Flutter example specifically for Custom JWT authentication using a backend-issued JWT and JWKS;
2. or guidance on whether there is any additional Android/native step required for Custom JWT session finalization after redirect;
3. or confirmation of whether this is a known Flutter Android issue affecting Custom JWT flows after callback delivery.

By the way, it is important to point out that we are using the ‘web3auth_flutter:6.3.0’ version and our current tests are being performed on a smartphone running Android 10.

I really appreciate all the guidance provided so far. Thank you very much!

Thanks — I looked through our docs. Short summary: there’s no published Flutter sample that exactly covers backend-issued Custom JWT + JWKS for Embedded Wallets (Web3Auth). From the docs, the common causes for your symptom (callback completes but no session / getPrivKey() → “No user found”) are:

  1. JWT requirements not met (critical: iat must be within ~60s of issuance),
  2. verifier/connection configuration mismatch on the dashboard (the JWT claim used as user id must match your verifier’s configured field, e.g., sub/email), or
  3. the Flutter/Android callback is not passing the id_token into the Web3Auth login/session finalization step.

There are no documented Flutter-Android bugs specific to Custom JWT callbacks. Actionable checklist to try now (and what to share if it still fails):

  • Confirm dashboard verifier config: verifier ID, expected user identifier field, and JWKS URL exactly match what your backend issues. Ensure Client ID + Sapphire network match between app and dashboard.
  • Confirm the JWT includes a correct user identifier claim and iat within ~60s of login. Issue a fresh JWT per login attempt.
  • On redirect: capture the full redirect URL/intent in Android (log it). Verify the id_token (JWT) is present and intact in that URL.
  • Ensure your Flutter callback handler extracts that id_token and calls the Web3Auth Flutter login/session function for Provider.jwt (i.e., explicitly pass the id_token to the SDK) before checking getPrivKey(). If your current flow only relies on the SDK to auto-handle the intent, try explicitly invoking login with the extracted JWT.
  • Verify AndroidManifest deep link intent filters and package allowlisting in dashboard are correct (package name + scheme).
  • Add debug logs around: intent URL, extracted JWT, Web3Auth.login() call args, and SDK responses/errors. Share these logs (redact secrets) if you want us to review.

If you want, paste these minimal bits and I’ll escalate to engineering: (a) Flutter callback/onNewIntent handler, (b) the code where you call Web3Auth.login (Provider.jwt) or session finalization, (c) AndroidManifest intent-filter, and (d) an example (redacted) JWT payload. If you prefer, I can also request a small Flutter example be produced by the team — but I’ll need the items above to reproduce. If you want me to escalate now, say so and I’ll loop in an engineer.

Note: This response was generated by an AI bot and may require further verification. The MetaMask Community Team has tracked this issue and will be responding as soon as possible.

Additionally, we would recommend that you join our monthly Office Hours to discuss this with our engineering team: MetaMask Developer Office Hours
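A local pre-flight check for the JWT items in the checklist above (user identifier claim, iat within ~60s, kid present in the JWKS), as an added example that is not part of the thread or of the Web3Auth SDK. The function names, the sample JWKS and the placeholder signature are constructed, and the check does not verify the signature.

```python
import base64
import json
import time

MAX_IAT_AGE = 60  # seconds, the "~60s" window quoted in the reply above
# Constructed JWKS stub: only the fields this check reads (no real key material).
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "kid": "privado-wallet-key-1"}]}

def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def sample_token(header, claims):
    """Constructed test token; the third part is a placeholder, not a signature."""
    return f"{_b64url(header)}.{_b64url(claims)}.c2lnbmF0dXJl"

def preflight(token, jwks, user_id_field="sub", alg="RS256", now=None):
    """Return a list of checklist problems. Does NOT verify the signature."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not a three-part compact JWT"]
    try:
        header, claims = _decode(parts[0]), _decode(parts[1])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["header or payload is not a JSON object"]
    problems = []
    if header.get("alg") != alg:
        problems.append(f"alg is {header.get('alg')!r}, expected {alg!r}")
    kid = header.get("kid")
    if not kid or kid not in {k.get("kid") for k in jwks.get("keys", [])}:
        problems.append(f"kid {kid!r} is not in the JWKS")
    if claims.get(user_id_field) in (None, ""):
        problems.append(f"verifier field {user_id_field!r} is missing or empty")
    iat = claims.get("iat")
    if not isinstance(iat, (int, float)):
        problems.append("iat is missing or not numeric")
    elif abs(now - iat) > MAX_IAT_AGE:
        problems.append(f"iat is {int(now - iat)}s from now, outside {MAX_IAT_AGE}s")
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and exp <= now:
        problems.append("exp is in the past")
    return problems
```

Pass the token exactly as the app hands it to the SDK, and set `user_id_field` to the field configured on the dashboard verifier.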

Hi team,

We collected another round of evidence and it significantly narrows the issue.

What we confirmed:

  1. Our backend now mints a fresh Custom JWT per login attempt with:
  • sub: "12345"
  • iss: https://api.mydomain
  • aud: privado-ssi-wallet-dev
  • kid: privado-wallet-key-1
  • TTL = 60 seconds
  2. Immediately after login starts, your side requests our JWKS multiple times successfully.

Example backend logs:

  • embedded_jwt_mint_start / embedded_jwt_mint_success
  • multiple jwks_requested events right after issuance
  3. On Flutter/Android:
  • Web3AuthFlutter.login() is called with Provider.jwt
  • the browser/custom-tab flow opens
  • the callback returns to the app
  • the app resumes in the same process
  • repeated post-resume checks still show no session
  • Web3AuthFlutter.login() never resolves and eventually times out after 20 seconds

So at this point we can rule out:

  • stale/expired JWT
  • unreachable JWKS
  • basic kid / iss / aud mismatch
  • missing callback delivery

The remaining issue appears to be:
your side reaches our JWKS and starts the verification path, but the Flutter login future never resolves and no wallet session is materialized afterward.

This is the key evidence chain:

  • fresh JWT minted
  • JWKS fetched successfully multiple times
  • callback delivered
  • no session created
  • login future hangs and times out

Could you please escalate this to engineering as a likely Custom JWT Flutter Android session-finalization issue or advise what internal verifier/project condition could cause JWT/JWKS activity to occur without either:

  1. completing the session, or
  2. returning an actionable error to the Flutter SDK?

Thank you very much for all your guidance.

Hi @ctrle! Just to let you know that our team has already noticed your issue. Please wait and we will reply to you as soon as possible.

Hi @ctrle ,

We validated the Flutter Firebase + custom JWT flow using the official example here: flutter-firebase-example. On the latest Flutter SDK, everything runs correctly on our side.

This sample shows custom JWT (Firebase ID token → Web3Auth JWT login). Could you run the same example once in your environment and let us know if you hit any issues?

Hi, @Gaurav_Goel

Thanks for sharing that. This is very helpful. I would like to point out that we will test that example in our environment. At the same time, could you please clarify one point for us?

Here it is: our current implementation is also Custom JWT, but instead of Firebase we are using:

- our own backend-issued RS256 JWT
- our own JWKS endpoint
- Provider.jwt in Flutter

So we would like to confirm whether your ‘flutter-firebase-example’ should be considered fully equivalent to a generic backend-issued Custom JWT flow, or whether there are any Firebase-specific assumptions in that sample that do not apply to a custom backend-issued JWT.

In particular, could you confirm whether there are any hidden or non-obvious requirements beyond the usual:

a. sub
b. iss
c. aud
d. kid
e. valid RS256 signature
f. reachable JWKS

At this point, our evidence is:

a. the JWT is minted fresh with a 60-second TTL
b. your side fetches our JWKS successfully multiple times
c. the callback returns to the app successfully
d. but Web3AuthFlutter.login() never resolves and no session is created afterward

So understanding whether the Firebase example is expected to behave exactly the same as any backend-issued Custom JWT flow would help us isolate whether we are dealing with:

1. a generic Flutter Custom JWT issue, or
2. a difference specific to our backend-issued JWT integration.

Thanks again for all your support!