auth icon indicating copy to clipboard operation
auth copied to clipboard
verified publisher icon supabase

"Web3 Wallet" Auth message construction invalid (breaks recognition)

Open caveman-eth opened this issue 1 week ago • 1 comments

Bug report

Describe the bug

Supabase "Web3 Wallet" Authentication provider constructs and invalid EIP-4361 message, it does not include a nonce, making it out of spec and not recognized by wallets like MetaMask.

To Reproduce

Steps to reproduce the behavior:

  1. Enable "Web3 Wallet" under supabase -> Authentication -> Sign in / Providers
  2. Setup the login flow / button on your supabase app
  3. Try to sign in - the message will not have a nonce
  4. See MetaMask prompt saying "Signature request" instead of "Sign in request" - and all validation missing.

Expected behavior

Include a nonce as per the official EIP-4361 spec so the message is valid and recognized.

Screenshots

Official SIWE Validator tool (https://docs.siwe.xyz/validator/)

Image

MetaMask message recognition failure (Supabase left - correct format right)

Image

caveman-eth avatar Jan 09 '26 15:01 caveman-eth