Can I login with Web3Auth using JWT?

[shahbaz17]

Currently, Web3Auth supports Google, Facebook, Twitch, Discord, and Auth0 natively on the Developer Dashboard. If someone wishes to use Firebase, AWS Cognito, Okta, or any other login provider that returns idToken after successful authentication. Can they use Web3Auth? and does it support this use case?

[shahbaz17]

Yes, Web3Auth supports all login providers that return idToken in JWT format along with the already available providers on the Dashboard.

If you're using Firebase, AWS Cognito, Okta, Ping One or any other login provider that returns idToken upon successful authentication. Then, simply use the below code to log in with Web3Auth:

import { Web3AuthCore } from "@web3auth/core";
import { WALLET_ADAPTERS, CHAIN_NAMESPACES } from "@web3auth/base";

const web3auth = new Web3AuthCore({
  clientId: "YOUR-WEB3AUTH-CLIENT-ID-FROM-PLUG-AND-PLAY",
  chainConfig: {
    chainNamespace: CHAIN_NAMESPACES.EIP155, // SOLANA, OTHER
    chainId: "0x1",
    rpcTarget: "https://rpc.ankr.com/eth",
    displayName: "Ethereum Mainnet",
    blockExplorer: "https://etherscan.io",
    ticker: "ETH",
    tickerName: "Ethereum",
  },
});

const openloginAdapter = new OpenloginAdapter({
  adapterSettings: {
    network: "testnet",
    uxMode: "redirect", // also support popup
    loginConfig: {
      jwt: {
        name: "Name of your choice",
        verifier: "YOUR-VERIFIER-NAME-ON-WEB3AUTH-DASHBOARD-FROM-CUSTOM-AUTH",
        typeOfLogin: "jwt",
        clientId: "YOUR-WEB3AUTH-CLIENT-ID-FROM-PLUG-AND-PLAY",
      },
    },
  },
});

web3auth.configureAdapter(openloginAdapter);

await web3auth.init();

await web3auth.connectTo(WALLET_ADAPTERS.OPENLOGIN, {
  loginProvider: "jwt",
  extraLoginOptions: {
    id_token: idToken,
    verifierIdField: "sub", // same as your JWT Verifier ID
    domain: "https://YOUR-APPLICATION-DOMAIN" || "http://localhost:3000",
  },
});

And follow the steps mentioned https://web3auth.io/docs/custom-authentication/byo-jwt-providers#set-up-custom-jwt-verifier for setting a Verifier on Web3Auth Dashboard.

It is important that the idToken should be in the JWT format and contains:

• JWT token header must contain the kid field.
• JWT token payload data must contain iat field.
• JWT token payload data must contain iss field. The value of this field will be used in the JWT Validation field of Custom Auth Verifier on Web3Auth Dashboard.
• JWT token payload data must contain aud field. The value of this field will be used in the JWT Validation field of Custom Auth Verifier on Web3Auth Dashboard.
• JWKS used to sign the token should be exposed to Web3Auth. This endpoint URL is to be used in the JWKS Endpoint field of Custom Auth Verifier on Web3Auth Dashboard.

If you're not using other providers to get idToken, Please check out https://web3auth.io/docs/custom-authentication/byo-jwt-providers#using-jsonwebtoken for more details on how to generate an idToken that will be passed to Web3Auth.

Using jose, it would look something like this:

import * as jose from "jose";

import fs from "fs";
// openssl genrsa -out privateKey.pem 512
var privateKey = fs.readFileSync("privateKey.pem");
// openssl rsa -in privateKey.pem -pubout -out publicKey.pem
var publicKey = fs.readFileSync("publicKey.pem");
// https://my-authz-server/.well-known/jwks.json -> to be used in Custom Authentication as JWK Endpoint.

// Signing the JWT
const jwt = await new jose.SignJWT({ "urn:example:claim": true })
  .setProtectedHeader({ alg: "RS256", kid: "1bb9605c36e{your_kid}69386830202b2d" })
  .setIssuedAt()
  .setIssuer("https://my-authz-server")
  .setAudience("urn:my-resource-server")
  .setExpirationTime("2h")
  .sign(privateKey);

Guides:

• Firebase: https://web3auth.io/docs/guides/firebase
• AWS Cognito: https://web3auth.io/docs/guides/cognito
• Auth0: https://web3auth.io/docs/guides/auth0

[abdobenali]

i have a question please, how i do to get the id token , because my login provider authority doesn't provide an id token it provide just client id and client secret .