Skip to main content

FAQ

What is a verifier?

A verifier is a unique identifier for your OAuth registration on the torus network. The Public/private keys generated for a user are scoped to a verifier.

Please contact us to get a verifier deployed for you.

What is a verifierId?

VerifierId is the unique identifier to publicly represent a user on a verifier.

e.g: email, sub etc. other fields can be classified as VerifierId

What is a network?

Torus has two environments where the verifiers reside - mainnet and testnet.

testnet is a sandbox environment for developers to experiment. People usually test and finish their integration here.

mainnet is prod environment.

My Redirect page is stuck in iOS Chrome

iOS Chrome doesn't support service workers. So, you need to serve a fallback html page redirect.html Please check if redirect.html is being served correctly by navigating to baseUrl/redirect#a=123. It should show a loader

For nginx, here is a simple server configuration

location ~* (/serviceworker/redirect) {
  add_header 'Access-Control-Allow-Origin' '*';
  add_header Content-Security-Policy "default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline';";
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";
  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
  default_type "text/html";
  alias PATH_TO_REDIRECT_HTML_FILE;
  autoindex off;
}

Alternatively, you can configure your redirect url to include redirect.html by passing in an option redirectPathName: 'redirect.html' while instantiating the sdk. Please remember to change the oauth redirect url to reflect this change

Discord Login only works once in 30 min

Torus Login requires a new token for every login attempt. Discord returns the same access token for 30 min unless it's revoked. Unfortunately, it needs to be revoked from the backend since it needs a client secret. Here's some sample code which does it

const axios = require("axios").default;
const FormData = require("form-data");

const { DISCORD_CLIENT_SECRET, DISCORD_CLIENT_ID } = process.env;
const { token } = req.body;
const formData = new FormData();
formData.append("token", token);
await axios.post("https://discordapp.com/api/oauth2/token/revoke", formData, {
  headers: {
    ...formData.getHeaders(),
    Authorization: `Basic ${Buffer.from(
      `${DISCORD_CLIENT_ID}:${DISCORD_CLIENT_SECRET}`,
      "binary"
    ).toString("base64")}`,
  },
});

How to initialise web3 with private key (returned after login) ?

One can use privateKeyToAccount method to initialise web3 with a privatekey. If you are supplying a hexadecimal number, it must have 0x prefix in order to be in line with other Ethereum libraries.

web3.eth.accounts.privateKeyToAccount(PRIVATE_KEY);

Login popup getting blocked

Due to browser restrictions on popups, you should reduce the time taken between user interaction and the login popups being opened. This is highly browser dependent, but the best practice for this is to separate the initialization of the SDK (ie. customauth.init) and the user login method call (ie. customauth.triggerLogin ).