Web3Auth's Node.js SDK

[shahbaz17]

Hello Web3Auth Devs,

We are excited to share our new ✨@web3auth/node-sdk✨ SDK.

Now devs and customers can use Web3Auth in their backend codes to get the same experience as Frontend SDKs.

🤓📃Check out the documentation to learn more. Or 🚀 run this demo 🚀 with your verifier details.

[ealeksandrov7]

Hey! I'm really excited to try out this new flow.
However there are a couple of issues I am currently facing:

1. Error: Error occurred while verifying paramsemail not equal to body.email <GoogleVerifierId> <User email coming from the id_token>

Am I correct to assume that as id_token I can pass 'id_token' I am getting from a custom google login?

Basically I am using:

const provider = await web3auth.connect({
    verifier: "verifier-name", // Name of the Google Custom Verifier
    verifierId: "verifier-Id", // e.g. *********.apps.googleusercontent.com - the one that the Custom Verifier is setup with
    idToken: "id-token", // Coming from a google sign in using the same application as above ^ (*********.apps.googleusercontent.com - 
    the one that the Custom Verifier is setup with)
  });

This results to the error mentioned above. I don't get why it expects them to be equal though. Body.email will always equal to the user trying to log in, so why does it expect it to be equal to the verifierId?

If I try to set the verifierId to the decoded body.email of the id_token (just for testing sake), it results to:

Error: Duplicate token found

Please advise on what I'm doing wrong..I guess it might have something to do with the id_token, but I'm not really sure. It's just a
basic google signin with a basic request scope.

[ealeksandrov7]

Okay, we've managed to make it work, but as I understand it - if we try to login a user a 2nd time and generate a private key, we always get Duplicate token found, that means that we have to store the generated PK in a db as we will no longer be able to generate it, right? I guess you are kind of doing the same thing but in a federated/distributed way (among different node operators). Are these assumptions correct?

[shahbaz17]

Hey @ealeksandrov7

You're using an idToken which has already been used by Web3Auth. Hence the Duplicate token found error. Please use a fresh JWT token when making a call.

Please check the doc. It says about the same.

To work with @web3auth/node-sdk, a Custom Verifier would be the best choice to work with https://web3auth.io/docs/sdk/node/authentication#create-custom-verifer, but you can still use your existing Google Verifier, but make sure the idToken returned from Google is unused by Web3Auth. Also, parse your id_token(from Google) to know your sub field, and pass it as verifierId field.

[shahbaz17]

The below code will work:

const provider = await web3auth.connect({
    verifier: "verifier-name", // Name of the Google Custom Verifier
    verifierId: "verifier-Id", // `sub` field of your JWT Token. Parse your JWT token at jwt.io to know the sub field.
    idToken: "id-token", // Coming from a google sign in, but it has to be unused.
  });

[ealeksandrov7]

Got it! Thanks for the fast reply, shahbaz!

[ealeksandrov7]

One more thing - what's the difference between using this SDK for generating the social share or just generating it ourselves (without the use of the SDK). In both cases it becomes 'semi-custodial' as we have to store the generated PK somewhere in a db? In my experience I can pass a random PK as a postboxkey when initializing the service provider (it's not mandatory to be generated by one of web3auth's SDKs.

[flodaniel]

Hi @shahbaz17,
can i also use the flutter sdk to implement the One-Key Flow? The login method at least appears to have the correct types. I am unclear why this One-Key flow is specifically with the node sdk, even in this react example where the node-sdk is just used for the One-Key flow.
https://web3auth.io/docs/guides/one-key-flow#checking-if-users-mfa-is-enabled-and-implementing-login

If this is not possible, would it make sense to send the idToken of my custom verifier to a small nodejs backend, which then calls the connect method and then returns the result to the app?

[shahbaz17]

Hey @flodaniel

The One-key flow currently only works on the Web.

[flodaniel]

So there is no way to keep a user permanently logged in in flutter? Something very common for JWT based auth with access and refresh token?