auth icon indicating copy to clipboard operation
auth copied to clipboard
verified publisher icon supabase

Solana signInWithWeb3 fails on Ledger hardware wallets

Open borcherd opened this issue 1 month ago • 8 comments

Bug report

  • [x] I confirm this is a bug with Supabase, not with my own application.
  • [x] I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

There is still a blocking issue with Solana Web3 auth (signInWithWeb3) when using Ledger hardware wallets. Even though issue #2092 was addressed and the related PR was merged, the fix did not fully resolve the problem.

The core issue is that the SIWS flow relies on off-chain message signing, and Ledger’s Solana app does not reliably handle this path when accessed through Phantom/Solflare. The message never reaches the hardware wallet, so authentication always fails for Ledger-backed accounts.

This means that any Solana user using a Ledger wallet cannot authenticate through Supabase, even after the merged fix.

I reached out to the author of the original PR on Twitter — he confirmed that additional issues likely remain, but hasn’t followed up.

This is a significant problem because most high-value users, teams, and institutional Solana accounts use hardware wallets. Right now they are completely unable to log in.

To Reproduce

  1. Set up a Solana wallet using Phantom or Jupiter wallet with a Ledger device.
  2. Implement supabase.auth.signInWithWeb3({ chain: "solana" }) in a Next.js / JS project.
  3. Attempt to sign in with the Ledger-backed wallet.
  4. The SIWS message never appears on the Ledger device; the wallet rejects the request; authentication fails.

This reproduces consistently across browsers and environments.

Expected behavior

I expected authentication to work for Ledger users after the fix for #2092. Instead, SIWS still fails because message signing never reaches the hardware wallet.

Ideally, you should either:

  • Continue refining SIWS to work with hardware wallets, or
  • Provide a fallback mechanism for wallets that do not support off-chain message signing (e.g., a minimal transaction-based signature flow or another supported signing method).

System information

  • OS: all
  • Browsers: all
  • supabase-js: latest
  • Node.js: all

Additional context

  • This is not an issue with my application — it reproduces with clean setups.
  • The fix for #2092 improved part of the flow but did not solve the Ledger case.
  • Ledger has stated that off-chain message signing issues are not likely to be resolved quickly on their end, so this currently blocks a large segment of Solana users. This makes this feature, signInWithWeb3, a no-go for production environments

borcherd avatar Dec 01 '25 17:12 borcherd