[URGENT] User Cannot Login - Server-Side tkey Corruption (getKeyDetails Error)

Setup
SDK: @web3auth/modal: ^9.5.0
Framework: React + Vite
Network: SAPPHIRE_MAINNET
Auth: Email Passwordless
Mode: Redirect
What We Tried:
Cleared ALL storage (sessionStorage, localStorage, IndexedDB)
Tested multiple browsers (Chrome, Firefox, Edge, Safari)
Tested multiple devices (desktop, mobile)
Tested incognito mode
Disabled all extensions
Different networks (WiFi, mobile hotspot)
OTHER users login fine on SAME browser/computer
DIFFERENT emails work perfectly
ONLY this specific client email fails everywhere: ribeiroaurelio6@gmail.com

Hi Aurelio — thanks for the clear report. I hear you (and I know urgent = stressful). From what you provided I’ve pulled together the key details for the support team and put together next steps so we can move quickly.

Summary (what you already gave)

• SDK: MetaMask Embedded Wallets (Web3Auth)
• Package/version: @web3auth/modal ^9.5.0
• Framework / Platform: React + Vite (web)
• Network: SAPPHIRE_MAINNET
• Auth: Email (passwordless)
• Mode: Redirect
• Symptom: getKeyDetails error / server-side tkey corruption — single specific email fails everywhere: ribeiroaurelio6@gmail.com
• What you tried: cleared all storage, multiple browsers/devices/incognito/extensions disabled/different networks — other users on same machine are fine and other emails work; only this email fails.

Why this looks like a server-side/user-specific issue

• Because the failure is tied to one email but reproducible across devices/browsers, it strongly indicates the user’s tKey or keyshare stored on the server (or the account metadata) is corrupted or inconsistent rather than a client-side environment problem.

What we need from you (please provide if available)

• Exact browser console error text / full stack trace for getKeyDetails (copy-paste the error log). If possible a screenshot of the console where the error appears. (Redact any secrets.)
• Network tab capture (HAR or screenshot) for the failing network requests when login runs (esp. requests/responses related to Web3Auth/getKeyDetails).
• Code snippets for your Web3Auth initialization and login flow (the minimal init and login code). You can redact private keys/ClientSecret but include clientId and config values.
• Any server-side logs if you run a custom threshold-key/keyserver backend (or logs from your Web3Auth integration).
• Timestamp(s) (with timezone) when the failure started for that email — helpful for correlating server logs.
• Whether that email was ever used previously with a different auth method (social login, seed-created account, etc.) or if the user previously used the app successfully.

Immediate troubleshooting things you (or we) can try now

• Grab the console/network logs and share them with us (this is the most useful next step). The support team will likely need these to locate the failing getKeyDetails call and inspect the server response.
• Confirm in your Web3Auth dashboard (or with your keyserver provider) whether there are any errors or alerts for that userId/email and whether a tKey share exists for that account.
• If you have a way to view or re-create the user’s key metadata on the server side (without exposing secrets), check for malformed metadata or missing keyshares.
• If this is indeed tKey corruption and you have a recovery workflow, consider initiating account recovery/reset for that specific user (only after confirming procedure with Web3Auth support or your security policy) — the support team may need to perform a server-side tKey reset for that email.

If you want me to escalate: please attach the logs + init/login snippets and I’ll add them to the ticket for the support engineers and mark it urgent. Given your troubleshooting, this looks like something the Web3Auth/keyserver team will need to inspect server-side; we’ll ask them to check the user’s tKey/keyshare and metadata for that email.

Next step from you (recommended, minimal): paste the browser console error stack and the Web3Auth init/login snippet you’re using. If convenient, include a screenshot of the console/network request for getKeyDetails. I’ll attach those to the issue for the engineers and advise on any safe next steps.

Thanks — I’ll stay on this with you until we have the logs we need. If you want, paste the console text here now and I’ll parse it immediately.

Note: This response was generated by an AI bot and may require further verification. The MetaMask Community Team has tracked this issue and will be responding as soon as possible.

Additionally, we would recommend you to join our biweekly Office Hours to get this resolved even faster. MetaMask Developer Office Hours

Here’s all the information requested:

Imagem do WhatsApp de 2025-10-29 à(s) 10.51.24_0622f6e51280×585 77.1 KB

1. EXACT CONSOLE ERROR & STACK TRACE

Error from Production App:

Error: Cannot convert undefined or null to object
at p (index-DvKTgWOE.js:1:2004)
at w.error (index-DvKTgWOE.js:1:2613)
Caused by: TypeError: Cannot convert undefined or null to object
at Object.keys ()
at $.getKeyDetails (tkey–40edOpW.js:3:15564)
at $.initialize (tkey–40edOpW.js:3:7422)
at async Za (tkey–40edOpW.js:8:50941)
at async Object.init (tkey–40edOpW.js:8:53861)
at async Jt.l (index-Dt0QB7tt.js:94:681)
Error: Cannot convert undefined or null to object
at h.error (index-l8Z4lGlq.js:80:258297)
at index-l8Z4lGlq.js:679:78362
at async Promise.all (/index 0)
at async Blt.initInAppAndCachedConnectors (index-l8Z4lGlq.js:679:77559)
at async Blt.initConnectors (index-l8Z4lGlq.js:679:73789)
Error: ‘Error in handleLoginInitiated’
Error: ‘error while initializing connector auth’

Error from Minimal Test Page (to confirm not app-specific):

Error: Cannot convert undefined or null to object: traceId: undefined - spanId: undefined
at f (index-cqWneRRW.js:1:1876)
at w.error (index-cqWneRRW.js:1:2439)
Caused by: TypeError: Cannot convert undefined or null to object
at Object.keys ()
at Se.getKeyDetails (tkey-B4NzNTGc.js:3:15125)
at Se.initialize (tkey-B4NzNTGc.js:3:6983)
at async da (tkey-B4NzNTGc.js:8:41483)
at async Object.init (tkey-B4NzNTGc.js:8:44402)
at async ar.d (index-BGM19B3o.js:94:681)

Key Pattern: Error always occurs at getKeyDetails when calling Object.keys() on what appears to be null/undefined tkey metadata.

2. WEB3AUTH CONFIGURATION

Main App Configuration (web3authContext.tsx):

typescript
import { WEB3AUTH_NETWORK } from “@web3auth/modal”;
import { type Web3AuthContextConfig } from “@web3auth/modal/react”;

const clientId = import.meta.env.VITE_WEB3AUTH_CLIENT_ID; // BNjuoXzpmJmFZWp10-Jx2z3AETOVotOB8mBBAIqGqzfEi-YeK26ya4qMs4EMl8ucpxCKl2ziYz57tUJF7Jxsong
const envNetwork = import.meta.env.VITE_WEB3AUTH_NETWORK; // SAPPHIRE_MAINNET

const web3AuthContextConfig: Web3AuthContextConfig = {
web3AuthOptions: {
clientId,
web3AuthNetwork: WEB3AUTH_NETWORK.SAPPHIRE_MAINNET,

uiConfig: {
  uxMode: "redirect",
  appName: "Kore",
  theme: {
    primary: "#0052ff",
  },
},

sessionTime: 86400, // 24 hours
enableLogging: false,
storageType: "session", // Use sessionStorage
mfaLevel: "none",

}
};

export default web3AuthContextConfig;

Main App Initialization (main.tsx):

typescript
import { Web3AuthProvider } from “@web3auth/modal/react”;
import { WagmiProvider } from “@web3auth/modal/react/wagmi”;
import web3AuthContextConfig from “./web3authContext”;

ReactDOM.createRoot(document.getElementById(“root”) as HTMLElement).render(

);

Login Flow (Index.tsx):

typescript
import { useWeb3AuthConnect } from “@web3auth/modal/react”;
import { WALLET_CONNECTORS, AUTH_CONNECTION } from “@web3auth/modal”;

const { connectTo } = useWeb3AuthConnect();

async function onAuth() {
const normalizedEmail = email.trim().toLowerCase();
const redirectUrl = ${window.location.origin}/auth-callback;

await connectTo(WALLET_CONNECTORS.AUTH, {
authConnection: AUTH_CONNECTION.EMAIL_PASSWORDLESS,
extraLoginOptions: {
login_hint: normalizedEmail,
isUserIdCaseSensitive: false,
redirectUrl: redirectUrl
}
});
}

Minimal Test Page Configuration (standalone HTML):

javascript
// Create private key provider
const privateKeyProvider = new window.EthereumProvider.EthereumPrivateKeyProvider({
config: {
chainConfig: {
chainNamespace: “eip155”,
chainId: “0x2105”, // Base mainnet (8453)
rpcTarget: “https: //mainnet. base. org”,
displayName: “Base Mainnet”,
blockExplorerUrl: “https:// basescan. org”,
ticker: “ETH”,
tickerName: “Ethereum”,
},
},
});

web3auth = new window.Modal.Web3Auth({
clientId: “BNjuoXzpmJmFZWp10-Jx2z3AETOVotOB8mBBAIqGqzfEi-YeK26ya4qMs4EMl8ucpxCKl2ziYz57tUJF7Jxsong”,
web3AuthNetwork: “sapphire_mainnet”,
privateKeyProvider: privateKeyProvider,
});

await web3auth.initModal();
const web3authProvider = await web3auth.connect();

3. AFFECTED USER DETAILS

Email: ribeiroaurelio6@gmail.com

First Occurrence: Approximately 10pm utc-3 28/10/2025. After completing MFA, clicking save device (got stuck, after refreshing the page - started getting this error)

Historical Usage:

• User was able to login successfully in the past
• No recent changes to auth method
• Account was created through our standard email passwordless flow
• Never used social login or other auth methods
• Has existing account data in our database (KYC completed, has Smart Accounts)

Current Status:

• Cannot login from ANY device/browser/network
• Error occurs immediately during Web3Auth initialization
• Other users (including myself) can login fine on the SAME computer

4. TESTING COMPLETED

Environments Tested:

Chrome (latest) - Windows
Mobile browsers - iOS Chrome, iOS Safari
Incognito/Private mode - all browsers
Different networks - home WiFi, corporate, mobile hotspot, different ISPs
VPN disabled
All browser extensions disabled

Storage Clearing:

Completely cleared sessionStorage
Completely cleared localStorage
Deleted all IndexedDB databases
Cleared all cookies
Hard reload (Ctrl+Shift+R)
Unregistered service workers

Code Testing:

Production app - FAILS
Minimal test page (bare-bones Web3Auth Modal CDN) - FAILS with same error
Different Web3Auth implementation - FAILS

Comparison Testing:

Same setup, different email (mine) - WORKS
Same computer, same browser, different user - WORKS
Only this specific email fails across ALL environments

5. WHY THIS APPEARS SERVER-SIDE

Evidence:

1. Error is tied to SPECIFIC EMAIL across all devices/browsers/networks
2. Same setup works for other users (including on same machine)
3. Minimal test page (completely different implementation) shows SAME error
4. Error occurs at tkey initialization when fetching metadata from server
5. Object.keys() failing suggests server returned null/undefined instead of valid metadata object

Error Location Analysis:

• Error at $.getKeyDetails → trying to read key metadata
• Calling Object.keys() on result → result is null/undefined
• Happens during $.initialize → during tkey setup
• At initInAppAndCachedConnectors → when restoring user’s key from server

Conclusion: User’s tkey metadata on Web3Auth servers appears corrupted or missing required fields.

6. NETWORK REQUESTS (CRITICAL)

I can provide HAR file or network screenshots if needed. Key observations:

• Web3Auth API endpoints are reachable (status.web3auth.io shows operational)
• API health check succeeds
• Error occurs during metadata fetch for this specific user

Can provide:

• Full HAR export from browser Network tab
• Screenshots of failing requests
• Request/response headers and payloads (with sensitive data redacted)

Would you like me to capture and send these now?

7. DASHBOARD CHECK

In our Web3Auth dashboard:

• Client ID is active and valid
• No alerts or errors shown
• Other users authenticating successfully
• Cannot see user-specific metadata/keyshares in dashboard (no such view available)

Question: Is there a way for us to check this user’s tkey metadata status in the dashboard? Or does that require support team access?

8. ADDITIONAL CONTEXT

Similar Issue Found:

We found another company (zblocks.io) experiencing the IDENTICAL error pattern:

• Same error: “Cannot convert undefined or null to object” at getKeyDetails
• Posted 15+ days ago on Web3Auth community forum
• Described as “intermittent” affecting “some users” with “high frequency rate”
• Multiple error variants, all tkey metadata related

This suggests: Possible systemic issue with tkey metadata storage/retrieval affecting multiple Web3Auth customers.

User Impact:

• User cannot access their financial account
• Funds are on blockchain (safe) but user locked out
• Account has Smart Accounts on Base with assets
• Need to either fix server metadata OR export private key for manual import

9. REQUESTED ACTIONS

Immediate:

1. Check user’s tkey metadata on your servers for: ribeiroaurelio6@gmail.com
2. Look for null/undefined fields or corrupted data structure
3. Check server logs for errors when this user attempts login

Short-term:

1. If metadata is corrupted: restore from backup or regenerate
2. If backup unavailable: safely reset/recreate metadata (user will get same deterministic EOA)
3. Provide us with export of private key so user can import to MetaMask as backup

Long-term:

1. Root cause analysis - why did metadata become corrupted?
2. Check if other users affected (similar to zblocks.io report)
3. Implement safeguards to prevent metadata corruption

SUMMARY

Complete configuration provided
Full error stacks provided
Extensive testing completed
Proven server-side issue
User details provided
Ready to provide network logs/HAR

User needs urgent access - financial application, funds locked.

Please advise on next steps for server-side metadata inspection/repair.

Thank you for the support!

Adding more context:

We captured network traffic and found the root cause:

During tkey initialization, THREE metadata API calls are made to:

https://node-1.node.web3auth.io/metadata/get

Results:

1. First call: Returns 1KB encrypted metadata (SUCCESS)
2. Second call: Returns 97KB encrypted metadata (SUCCESS)
3. Third call: Returns EMPTY: {“message”:“”} (FAILURE)

The third call returns HTTP 200 but with an EMPTY message field.
When the SDK tries to decrypt and parse this empty response,
it gets null/undefined, leading to the error:
“Cannot convert undefined or null to object at getKeyDetails”

Request Details (Third Call - The Failing One):

• URL: https://node-1.node.web3auth.io/metadata/get
• Method: POST
• pub_key_X: 2ec661fff555e8a8431230456fc27aef86126c2ab405b5c67c4f1c352face3c3
• pub_key_Y: eecfc5a53acfcf74a88990dd4785b661926b1aaf5450e85605ce0d917df60d42
• Response: {“message”:“”} ← EMPTY!
• Response Size: 14 bytes

Thanks for all the details let me check please

Have you tried migrating to v10: Migrating to the Web3Auth PnP Web SDK v10 from v9 (No-Modal) | MetaMask developer documentation

Hi @shana We were already using the V 10 updates.the older packages were just being imported, but never were being referenced to.meaning this is not the issue. Also, after removing those imports, the error still persists how can we move this forward no more timely manner, the user is still locked out of his account.

Thanks for letting us know apologies for delay I’ve notified the team

Ok, when can we expect a response? Also is there a more direct channel where we can get support on this issue? It is furstrating having to wait indefintely for forum responses.

As paying customers of Web3Auth we’d expect at least a channel where we can get timely support on critical issues.

We have dedicated slack/Tg groups for Enterprise clients. For all our Base/Growth/Scale plan clients we have builder hub.
Regarding the issue, are you using default verifiers?
If yes, can you ask the user to try logging in to the demo.web3auth.io, the issue should come out to be same in terms of default verifiers?
I have also opened a DM channel with you, where you can share the client id for your project, so that i can ask the team to look into it further.
And the HAR file would also be useful.

Hi @maharshi Yes, we are using Web3Auth’s default Email Passwordless verifier.

And the user did manage to log in into http://demo.web3auth.io/.

I didn’t find your DM though, to send the HAR e client_id

Just an additional information, the user was in the Web3Auth MFA (after completing the OTP from email) flow and clicked “Save Device”. The page kept
loading, so user refreshed the browser. After that refresh, login started failing with this error.

Hi, any updates? Also I simply could not find a direct message section on the forum here.

Still waiting on a response @maharshi

Sent you a DM waiting for your details!

I have shared the details with the engg team, I’ll inform you about it as soon as I have something