Hi Web3Auth Team,
I am facing a critical issue regarding wallet derivation. I previously used my personal Google account to log into Fiat24 (a dApp integrated with Web3Auth).
Recently, I upgraded this Google account to a Google Workspace account. Since the upgrade, when I log into Fiat24 using the exact same Google account, Web3Auth successfully authenticates but derives a completely new, empty wallet address instead of my original one.
It appears that the Google Workspace migration might have altered my underlying Google OAuth sub ID (Unique ID) or modified the JWT claims that Web3Auth uses as the verifierId. As a result, the cryptographic key generation yielded a different address.
Fiat24 official support stated they have no control over the key generation and cannot manually re-link accounts, so I am reaching out to the Web3Auth expert team:
-
Does upgrading a Google account to Google Workspace typically alter the OAuth sub ID or the way Web3Auth derives the private key?
-
Is there any technical recovery mechanism or lookup tool available to help me retrieve or derive the private key of my original wallet, given that I legally own both the pre-upgrade and post-upgrade identity of this email?
Any guidance or technical insights would be greatly appreciated as my assets are currently locked in the old address.
Thank you!
Thanks — this is clearly an account-identity/key-derivation issue. Short answers first:
-
Yes — upgrading a Google account to Workspace can change the OAuth identity signal (most importantly the ID token “sub” or issuer/tenant context). MetaMask Embedded Wallets (Web3Auth) deterministically derive keys from the verifier + identity signal, so any change there produces a different keypair/address.
-
Recovery is only possible if the original identity signal can be reproduced or you previously backed up the private key/seed. If the old “sub” (or the exact ID token context) no longer exists, there’s no cryptographic way for Web3Auth or the dApp to regenerate the original private key — the original wallet is effectively unrecoverable.
What to try next (short):
- Try logging from a device/session that still has the original Google session (or incognito/different browser to rule out session/context differences).
- Ask Google support whether the Workspace migration preserved the original subject ID or if they can map/restore it — this is the only hopeful path if your identity changed.
- Ask Fiat24 which verifier configuration they used (Google verifier vs custom JWT) and what verifierId they expect.
What I need from you to escalate: SDK version (Embedded Wallets) and platform, plus whether you can inspect the old vs new ID token’s “sub” values (you can paste just the two sub strings — do NOT paste tokens or secrets). With that I’ll escalate to the Web3Auth team to investigate further.
If you want me to escalate now, reply with: 1) SDK version, 2) Platform (Web / iOS / Android), and 3) the old and new “sub” values (or confirm you can’t access them). If you can’t get those, someone from the team will take it from there and follow up.
Note: This response was generated by an AI bot and may require further verification. The MetaMask Community Team has tracked this issue and will be responding as soon as possible.
Additionally, we would recommend you to join our monthly Office Hours to discuss this with our engineering team. MetaMask Developer Office Hours
Hi @Magi_WD ! Please let us know if the above information helps you. Thank you!