Flutter SDK for embedded wallet- custom jwt login

Thanks — I looked through our docs. Short summary: there’s no published Flutter sample that exactly covers backend-issued Custom JWT + JWKS for Embedded Wallets (Web3Auth). From docs the common causes for your symptom (callback completes but no session / getPrivKey() → “No user found”) are: 1) JWT requirements not met (critical: iat must be within ~60s of issuance), 2) verifier/connection configuration mismatch on the dashboard (the JWT claim used as user id must match your verifier’s configured field, e.g., sub/email), or 3) the Flutter/Android callback is not passing the id_token into the Web3Auth login/session finalization step. There are no documented Flutter-Android bugs specific to Custom JWT callbacks. Actionable checklist to try now (and what to share if it still fails):

  • Confirm dashboard verifier config: verifier ID, expected user identifier field, and JWKS URL exactly match what your backend issues. Ensure Client ID + Sapphire network match between app and dashboard.
  • Confirm the JWT includes a correct user identifier claim and iat within ~60s of login. Issue a fresh JWT per login attempt.
  • On redirect: capture the full redirect URL/intent in Android (log it). Verify the id_token (JWT) is present and intact in that URL.
  • Ensure your Flutter callback handler extracts that id_token and calls the Web3Auth Flutter login/session function for Provider.jwt (i.e., explicitly pass the id_token to the SDK) before checking getPrivKey(). If your current flow only relies on the SDK to auto-handle the intent, try explicitly invoking login with the extracted JWT.
  • Verify AndroidManifest deep link intent filters and package allowlisting in dashboard are correct (package name + scheme).
  • Add debug logs around: intent URL, extracted JWT, Web3Auth.login() call args, and SDK responses/errors. Share these logs (redact secrets) if you want us to review.

If you want, paste these minimal bits and I’ll escalate to engineering: (a) Flutter callback/onNewIntent handler, (b) the code where you call Web3Auth.login (Provider.jwt) or session finalization, (c) AndroidManifest intent-filter, and (d) an example (redacted) JWT payload. If you prefer, I can also request a small Flutter example be produced by the team — but I’ll need the items above to reproduce. If you want me to escalate now, say so and I’ll loop in an engineer.

Note: This response was generated by an AI bot and may require further verification. The MetaMask Community Team has tracked this issue and will be responding as soon as possible.

Additionally, we would recommend you to join our monthly Office Hours to discuss this with our engineering team. MetaMask Developer Office Hours