Bug: Human ID Stamp Verification Failing with Client-Side Errors on Passport

[lebraat]

Bug Description:

Users are encountering client-side errors when attempting to verify Human ID stamps through the Passport modal at https://app.passport.xyz/dashboard. The verification fails when users click "Check Eligibility", preventing them from collecting the Human ID stamp. This issue is specific to Human ID stamps only - other stamps appear to be working correctly.

Acceptance Criteria

GIVEN a user is on the Passport dashboard
WHEN they attempt to verify a Human ID stamp by clicking "Check Eligibility"
THEN the verification should complete successfully without client-side errors
AND the stamp should be added to their Passport with appropriate points

Current Behavior:

• Users receive error: "Application error: a client-side exception has occurred"
• Verification process fails and stamp cannot be collected
• Points do not reflect in Passport even if users complete verification elsewhere

Expected Behavior:

• Human ID verification completes without errors
• Stamp is successfully added to user's Passport
• Points are properly reflected in the user's humanity score

Error Details:

1. PostMessage Origin Error:

   • Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://humansignon.com') does not match the recipient window's origin ('https://app.passport.xyz')

2. Invalid Private Key Error:

   • Failed to sign message Error: invalid private key, expected hex or 32 bytes, got string

3. Additional Console Errors (from screenshots):

   • ERR_TIMED_OUT errors for iframe loading
   • Failed resource loading for "allowfullscreen" attribute
   • DataDog browser SDK storage warnings

Reproduction Steps:

1. Navigate to https://app.passport.xyz/dashboard
2. Select Human ID stamp verification
3. Click "Check Eligibility" button
4. Observe client-side error and failed verification

Affected Components:

• Primary: Human ID SDK integration
• Wallets: Confirmed with OKX Web3 wallet and MetaMask
• Environment: Production (app.passport.xyz)

Workaround:

Users can verify directly at id.human.tech, but this does not sync points back to their Passport profile

Investigation Notes:

• WAAP/Silk has been removed from Passport, ruling out that as a cause
• Issue appears to be within Human ID SDK code based on error messages
• Possible cross-origin communication issue between Passport and Human ID service
• May be related to wallet signature handling given the private key error
• Logs available in DataDog for further investigation

Priority: HIGH

• Multiple users affected (reports spanning from Oct 9 - Oct 20+)
• Core functionality (stamp verification) is broken
• Impacts user experience and adoption of Human ID stamps

Open Questions:

1. Is there a specific wallet configuration or browser extension causing conflicts?
2. Are there any recent changes to the Human ID SDK that could have introduced this?
3. Is the humansignon.com domain still being referenced somewhere in the SDK despite WAAP removal?
4. Why does verification work on id.human.tech but fail on passport.xyz?
5. Is this also affecting Embed users?

Next Steps:

1. Review DataDog logs for detailed error traces
2. Investigate Human ID SDK code for any references to humansignon.com
3. Test cross-origin communication between Passport and Human ID service
4. Consider implementing better error handling/retry logic for stamp verification
5. Add monitoring alerts for Human ID stamp verification failures

[calebtuttle]

This should be fixed, though I want to look into the error handling a little bit. The line that caused the error was nested inside a try block, so it should not have caused the application-level error that it caused.

Worked with a user, and the issue was that their signature was a 62-character hex string, and we had not added sufficient padding to make it 64. Adding the padding fixed it.