[bug] Erratic Cononical Address Derivation in Appkit/Magic Integration #4282
Description
Link to minimal reproducible example
Summary
Summary:
We are encountering a critical issue in the AppKit+Magic integration for
wot.id: the same credential (Apple ID) sometimes yields different Ethereum
addresses, violating the deterministic userID mapping required by our
architecture.
Details:
-
Our system design (see wot.id Core Principles) mandates that each human
is anchored to a single Ethereum address, deterministically derived from
their credential. -
In practice, logging in with the same Apple ID sometimes returns the
correct canonical address, and sometimes an unwanted address
(0xa9Ab769eA1fDfDa1213c0F3BFF7f17c61881aA69). -
This happens across browsers and sessions, with all frontend state
cleared and no privacy relay or "Hide My Email" in use. -
All address state comes directly from AppKit/Magic; there is no frontend
bug or cache involved.
Actions Already Taken:
-
Cleared all browser storage and tested in multiple browsers.
-
Confirmed consistent login procedure, credential, and project config.
-
Added comprehensive debug logging at every address/connection state
change. -
Used AccountDebugger and reviewed all AppKit flows.
Required Action:
-
Coordinate with Magic to investigate and resolve this mapping drift.
-
Ensure that only the canonical Ethereum address remains in the user
profile; the unwanted address must be purged. -
Confirm that AppKit will always surface the correct canonical address for
this credential in the future.
Impact:
- This issue undermines the core trust and uniqueness guarantees of wot.id
and breaks the critical path for identity and attestation flows.
Please escalate this with Magic if needed, and advise on any additional
steps we can take on the AppKit side.
Meine geteilte Notiz öffnen:
List of related npm package versions
latest
Node.js Version
v18.7.0
Package Manager
npm@9.6.7