Multiple wallets per user

Content from Web3Auth Community

This topic was originally posted by alex3 on 10/29/2023.
This content has been migrated from our previous community forum to preserve valuable discussions.

We are using web3auth-auth0-twitter-sapphire verifier with twitter user ID as VerifierID and let users login only with twitter. Recently I noticed that I have 2 records in the database with the same twitter ID but different addresses. I am using example from here to get the user address -Social Login Users | Documentation | Web3Auth. The only way I think this can happen, is if the wallets array has multiple entities, because we take the item at index zero. If it is true, how can should I handle this and what wallet to use?

@alex3 Thanks for your recent post.

Please migrate to the latest version V7 if you have not yet done so:

I already user version 7. These are lines from package.json

    "@walletconnect/sign-client": "^2.10.1",
    "@web3auth/base": "^7.0.4",
    "@web3auth/no-modal": "^7.0.4",
    "@web3auth/openlogin-adapter": "^7.0.4",
    "@web3auth/solana-provider": "^7.0.4",

I can give you the twitter ID and the addressed I got for it if it helps

Please provide only the wallet addresses that should do.

Here are 4 users with 2 address each.

1. 4FsqCiEJ1qR14S5rnibFKhh2sqDYsJuVP9usqTZ5vHMr, GoBL5YhFfSQSu1ecXXpJ9VUTdGFEDbKPYmMcKYq7QmRn

2. 8CCfipWJ7huW8bBV5ZGodzq9QzDRWux5pDh5dmjDKkva, 6z5NEA5kJkT65TjTj1qhX6uQVEedhGRZjQpbTjy3p7dd

3. 9QuDM2f1yuEjQc8Us2NMoVsudS4q2aRZ9hVrCiWdNv2R, D2vJrrb3WJhC6aFp6RtCWH3jreDtfpu47vXQVWxJNfge

4. GUJ2ssaq3v9ZGcohXD98qnan4ECLzcUcYGt1QN1VBqgn, AA7BY6QmrG6jB3ZHStjSUgpym2bFW1ZWG26xfcMiGhV2

it depends on how you implemented.

Check out if your implementation applies to you.

This is the code on the frontend that is executed after redirect from the web3auth. Can it be because 235519 curve instead of default secp256k1? The main issue that it happened to 4 users out of thousands.

const userInfo = await web3auth.authenticateUser()
if (!userInfo.idToken) throw new Error('User info not found!')
const publicKey = await getPubKey(web3auth.provider!)

const token = await login(publicKey, userInfo.idToken) //send to backend
//getToken.ts

import { IProvider } from ‘@web3auth/base’

import { getED25519Key } from ‘@toruslabs/openlogin-ed25519’
export async function getPubKey(provider: IProvider) {

const app_scoped_privkey = await provider.request({

method: ‘solanaPrivateKey’,

})
const ed25519Key = getED25519Key(

Buffer.from((app_scoped_privkey as string).padStart(64, ‘0’), ‘hex’)

)

const app_pub_key = ed25519Key.pk.toString(‘hex’)

return app_pub_key

}

I checked the ID token that user sends on the backend and it has only one public key, not 2. But it is different public key. Can you please check on your side if it is possible to generate different public key. The backend was running untouched all this time, so no changes in auth flow happened.

This is an array of wallets

[{6ae063d61e1475ac47087eba8cd462424b7bf1196edad50e06779a68583209ff web3auth_app_key ed25519}]

From this I derived the 8CCfipWJ7huW8bBV5ZGodzq9QzDRWux5pDh5dmjDKkva public key from it.

Can also provide the JWT token from your side if it can help, the only difference inside is the different wallet for same data. Can send it over email.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Same problem here, I’m running with twitter and auth0, library @web3auth/no-modal@7.0.1
web3auth giving me 2 different public key, just logging in and out and then I have a different public key/wallet address

Screenshot 2024-01-16 at 15.06.16780×133 15.2 KB

This scares me to go with web3auth in other projects

@thanks.tet173 Sorry to hear you are facing issues.

Can you upgrade your package version to 7.3.1 @web3auth/no-modal - npm and let me know if you are still facing any issue

The problem’s still there. Nothing changed

Can you share your pacakage.json file details of all the packages you are using?

  "dependencies": {
    "@rainbow-me/rainbowkit": "^1.1.3",
    "@web3auth/no-modal": "7.3.1",
    "@zerodev/sdk": "^4.0.30",
    "@zerodev/wagmi": "^4.1.19",
    "next": "13.5.6",
    "react": "^18",
    "react-dom": "^18",
    "viem": "^1.16.6",
    "wagmi": "^1.4.5"
  },
  "devDependencies": {
    "@types/node": "^20",
    "@types/react": "^18",
    "@types/react-dom": "^18",
    "autoprefixer": "^10",
    "encoding": "^0.1.13",
    "eslint": "^8",
    "eslint-config-next": "13.5.6",
    "eslint-config-prettier": "^9.0.0",
    "lokijs": "^1.5.12",
    "pino-pretty": "^10.2.3",
    "postcss": "^8",
    "tailwindcss": "^3",
    "typescript": "^5"
  }

I’m using through ZeroDev, but please don’t tell me to ask them. It’s web3auth instance giving me 2 different public key (decoded from JWT, from web3Auth.getUserInfo() ).
The point here is only my account has a problem, not others.

The code is unchanged, the libraries are unchanged, the twitter account is unchanged, but web3auth gave me different public key just by logging in and out.
So I think it’s on the servers, load balancers, …

Please share your entire implementation code, web3auth initialization and login code as well as your Dapp URL for me to replicate the issue.

I’d rather not share that info publicly.

As I said, it only happened with my Twitter, so the issue is hard to reproduce.

If you guys consider this issue serious, I can share more details on a private channel. Otherwise, just let it be.

@thanks.tet173 Please navigate to the left hand side Menu . Scroll down to find Messages > Inbox > New Message and send me a DM to share your Dapp URL privately. Please also share your implementation code including Web3Auth login, Initialization code as well.