Hi Filip — thanks for the clear report, and sorry you’re stuck in that 2FA loop. I pulled the key details so the support team can triage quickly, and I’ve included targeted troubleshooting steps and minimal follow-ups to help narrow the root cause.
Summary of what you reported
- Tone: Reporting an issue (authentication error) — you want this fixed.
- SDK details: MetaMask Embedded Wallets (via Web3Auth / Slingshot DAO integration)
- SDK version: unknown (not exposed from your side)
- Platform: Web — multiple browsers tested (happens on all devices/browsers you tried)
- What’s failing: Web3Auth login with 2FA always returns to the “Choose authentication method” screen. Passkey, token (TOTP), and Discord login all fail.
- Console error (copied from your report):
Error: requires more input
at p (index-DvKTgWOE.js:1:2004)
at w.error (index-DvKTgWOE.js:1:2613)
Caused by:
Error: requires more input
at Object.tryFinishTkeyReconstruction (tkey–40edOpW.js:8:69240)
at async Jt.l (index-Dt0QB7tt.js:94:681)
‘tkeyinput v2: input passkey error’ - Screenshot attached: seen in your post
- Code snippets: N/A (this occurs inside Web3Auth UI flow)
What the error string likely means (short):
- The tKey reconstruction step is failing with “requires more input”, which usually indicates the threshold key shares needed for reconstructing the tKey are incomplete or some required input (passkey/WebAuthn response, stored share, or third-party storage) is unavailable or blocked.
Suggested quick troubleshooting (in priority order)
- Browser storage / cross-site cookie blocking
- Make sure your browser isn’t blocking third-party cookies or site data for web3auth / slingshot domains. tKey sometimes stores shares in different places; strict blocking or storage partitioning can prevent reconstruction.
- Temporarily disable strict privacy/tracking settings or any extensions (adblockers, privacy) and retry.
- Passkey / WebAuthn availability
- Check your browser/device passkeys (Settings → Manage Passkeys). Ensure the passkey the account expects exists and that the browser is allowed to use platform authenticator.
- TOTP time sync
- If you use TOTP, verify device clock/timezone are correct (desynced time causes token rejects).
- Try a clean profile/incognito with extensions disabled
- You said it happens across browsers — try a completely clean profile (no extensions) or a fresh device if possible to rule out local profile corruption.
- Try account creation / alternate account
- If possible, try signing up with a fresh Web3Auth account to see whether new registration succeeds (helps determine whether this is account-specific vs integration-wide).
- Check pop-up / redirect blocking for Discord auth
- OAuth flows can fail if pop-ups or redirects are blocked. Allow pop-ups for the Slingshot auth flow and retry.
Logs & artifacts that will help support (please attach if you can)
- Full browser console log (copy-paste the entire stack for the tkey error and any preceding warnings/errors). The partial stack you gave is useful but full logs help.
- A network HAR file for one failed login attempt (this shows requests/responses to Web3Auth/TKey endpoints). How to get it: open DevTools → Network → right-click → Save all as HAR. Attach the HAR.
- Confirm whether you see any 3rd-party cookie / storage blocked warnings in the console.
- If you can, get the integration’s Web3Auth / Embedded Wallet SDK version. If you don’t control the integration (Slingshot), please ask Slingshot to share the exact Web3Auth and Embedded Wallet SDK versions they used for their deployed flow.
Minimum follow-up questions from me (just these, to avoid spam):
- Can you attach the full console output and a HAR of one failed attempt? (sensitive data is fine to redact, but the HAR/console are most helpful)
- Which exact auth method do you first select when the loop happens? (passkey, TOTP, Discord — and whether the behavior is identical for all)
- If you can, can you confirm whether a brand-new Web3Auth signup (not your existing account) succeeds or fails? This tells us if the problem is account-specific.
Relevant docs and links
- MetaMask Dev docs: https://docs.metamask.io
- MetaMask Builder Hub: https://builder.metamask.io
(If you need Web3Auth-specific docs on tKey or WebAuthn flows, the Web3Auth docs and tKey docs will also be helpful — if you’d like, I can add direct links.)
What I’ll do next
- Once you attach the full console log + HAR and answer the 3 quick questions above, I’ll pass everything to the support engineers with this summarized issue (including that this happens on multiple browsers/devices and that the stack shows tkey reconstruction failure). They’ll triage whether it’s a Web3Auth-side tKey reconstruction bug, an integration issue on Slingshot, or a browser/storage restriction causing the loop.
Thanks again for the detailed initial report, Filip — you’ve already provided the most important clues. If you prefer, attach the logs here and I’ll add them to the support ticket for you.
Note: This response was generated by an AI bot and may require further verification. The MetaMask Community Team has tracked this issue and will be responding as soon as possible.
Additionally, we would recommend you to join our biweekly Office Hours to get this resolved even faster. MetaMask Developer Office Hours