Concurrent login doesn’t work as expected

[huggingbot]

Description

• The expected behaviour should be that one of the concurrent login should throw an error while the other should complete the new user login.

Sample code:

async function createCoreKitInstance() {
  const coreKitInstance = new Web3AuthMPCCoreKit({
    web3AuthClientId: CLIENT_ID,
    chainConfig,
    manualSync: false,
  });
  await coreKitInstance.init({ handleRedirectResult: false }).catch((err) => {
    throw new Error(err);
  });
  const idToken = generateIdToken(VERIFIER_ID);
  await coreKitInstance.loginWithJWT({ idToken, verifier: VERIFIER, verifierId: VERIFIER_ID }).catch((err) => {
    throw new Error(err);
  });
  return coreKitInstance;
}

const instancePromise1 = createCoreKitInstance();
const instancePromise2 = createCoreKitInstance();
const [instance1, instance2] = await Promise.all([instancePromise1, instancePromise2]);

Some of the errors are:

• factorKey not present
• TSS shares for instance1 and instance2 are different
• factors variable is undefined, i.e. Cannot read properties of undefined (reading 'length'), when calling getKeyDetails
• one of the instances' status is not updated, i.e. instance2.status !== COREKIT_STATUS.LOGGED_IN
• Unable to reconstruct require 2 but have 1 error when calling loginWithJWT

[lwin-kyaw]

Expected behaviors for concurrent logins based on the current implementations

SDK Version:

• @tkey/[email protected]
• @tkey-mpc/[email protected]

Existing user

• One of the logins should throw an LOCK ERROR since both sessions are trying to write the metadata at the same time.
• acquireWriteMetadataLock function should prevent the race condition on the metadata service

New user

Both logins session should be successful without any LOCK ISSUES due to

• both login instances will create different tKey instances
• each tKey instance will create random private key and shares (when importTSSKey param is false) as it is a new user (ref: https://github.com/tkey/tkey-mpc/blob/master/packages/core/src/core.ts#L1330)
• Metadata Lock is implemented based on the tKey.privateKey and since privateKeys are different, Metadata Lock doesn't work (ref: https://github.com/tkey/tkey-mpc/blob/master/packages/core/src/core.ts#L1715)
• the above steps will not prevent tKey writing metadata to cassandra, and will result in different metadata/privateKeys/shares

Regardless of concurrent signups generate different keys, only one of the data (keys/shares) will be persisted. However, we cannot guarantee which session will be persisted.

[lwin-kyaw]

Description

• The expected behaviour should be that one of the concurrent login should throw an error while the other should complete the new user login.

Sample code:

async function createCoreKitInstance() {
  const coreKitInstance = new Web3AuthMPCCoreKit({
    web3AuthClientId: CLIENT_ID,
    chainConfig,
    manualSync: false,
  });
  await coreKitInstance.init({ handleRedirectResult: false }).catch((err) => {
    throw new Error(err);
  });
  const idToken = generateIdToken(VERIFIER_ID);
  await coreKitInstance.loginWithJWT({ idToken, verifier: VERIFIER, verifierId: VERIFIER_ID }).catch((err) => {
    throw new Error(err);
  });
  return coreKitInstance;
}

const instancePromise1 = createCoreKitInstance();
const instancePromise2 = createCoreKitInstance();
const [instance1, instance2] = await Promise.all([instancePromise1, instancePromise2]);

Some of the errors are:

• factorKey not present
• TSS shares for instance1 and instance2 are different
• factors variable is undefined, i.e. Cannot read properties of undefined (reading 'length'), when calling getKeyDetails
• one of the instances' status is not updated, i.e. instance2.status !== COREKIT_STATUS.LOGGED_IN
• Unable to reconstruct require 2 but have 1 error when calling loginWithJWT

Among the errors stated above, the following error messages are related to this issue, #131, please refer to that issue for more details.

• factorKey not present
• factors variable is undefined, i.e. Cannot read properties of undefined (reading 'length'), when calling getKeyDetails
• one of the instances' status is not updated, i.e. instance2.status !== COREKIT_STATUS.LOGGED_IN
• Unable to reconstruct require 2 but have 1 error when calling loginWithJWT

Regarding to this error, TSS shares for instance1 and instance2 are different. It is because

• for the concurrent sign ups (new user logins), each instance generates different private keys/shares
• however, only one of the metadata (among two instances) is persisted after login. You can check the metadata like following -

const oauthKey1 = coreKit1.state.oAuthKey;
const oauthKey2 = coreKit2.state.oAuthKey;

const factorMetadata1 = await coreKit1.tKey.storageLayer.getMetadata<Record<string, string>>({ privKey: new BN(oauthKey1, "hex") });
const factorMetadata2 = await coreKit2.tKey.storageLayer.getMetadata<Record<string, string>>({ privKey: new BN(oauthKey2, "hex") });
// factorMetadata1 === factorMetadata2
console.log("factorMetadata1", factorMetadata1); 
console.log("factorMetadata2", factorMetadata2);

• for more details, please refer to this comment

[lwin-kyaw]

I've made a draft PR, tkey/tkey-mpc#10, which will fix this issue.