SSO returns different PK than from a few hours ago

[ealeksandrov7]

I experienced a weird thing. I've been trying to implement a self host solution and I've been playing around with a bunch of private keys, generating shares, etc. Until today - a few hours ago ALL of the SSOs I've been using for testing purposes suddenly started returning different private keys in the login response. So I am not able to access the previously constructed keys..

E.G. I login with a new google account for the first time -> generate a share for the SecurityQuestions module -> generate another share which I store locally = I end up with 2/4 shares. I've been able to reconstruct these private keys by providing the shares up until now. Now all of my google accounts started returning a different PK in the login response, hence I am unable to reconstruct the same keys I've been previously using. If that was on a production app, these wallets would have been lost forever. So my question is:

Is there something really wrong with my implementation or is this because of some "testnet flush" or whatever?
Is it not provided that each SSO login would always provide the same private key?

[YZhenY]

Hard to tell without a code snippet of your implementation, provide that and we can dig deeper.

With the same SSO you should get the same "Postbox Key" or "OAuth Key" every time, if you aren't, check the network your verifier is on is that the same? These are some reasons why your key might have reset/registered as new:

• does your implementation call "_initializeNewKey"? This resets your key, and should not be used in any case unless you know what youre doing.
• Did you change the storage layer? This makes it such the SDK think you're a new user.

[ealeksandrov7]

Thanks for your response, YZhenY!

So first I am triggering a login with:

After that I am calling:

Then I am setting a password with something like this:

And that's my modules initialization:

Is there anything out of the ordinary? Am I right to use the private key coming from the SSO as a postBoxKey? My understanding was that this way I am using the private key from the SSO as the "1st share", but maybe I'm wrong.

[yashovardhan]

@1swaraj can you help us out here

[YZhenY]

nothing out of the ordinary here,

so the post box key youre getting back is different? without any config change?

[ealeksandrov7]

I did 2 things actually:

1. I tried adding/removing the WebStorage module, because I was trying to figure out how to to get the device share for my react native app. (btw no luck there, so I decided on generating a new share and storing it in a local secure storage - is that a bad idea?)
2. I went from custom verifiers to the "built-in" ones

Other than that I haven't changed the storage layer nor called the _initializeNewKey method.
Hmm, if that doesn't make sense, I guess I'll continue testing it and come back to you if this happens again. Maybe I'll have more info
then

[YZhenY]

If you changed your verifier, you'll have changed the PK you get back as the postbox key

Verifiers are scoped to auth, and each verifier gives a different PK - that would be the reason!