SteemConnect Beta : Release note

in #steemconnect8 years ago (edited)

Release Note

Steem Connect Release Notes (Beta)

Version: 0.2
Release date: December 8 2016
SteemConnect is a service that manage authentication for your app Steem based.
(more infos on SteemConnect announcement)

Features

Edit your public profile

  • Upload your avatar
  • Cover picture
  • Edit your name, website and location

Plugins

  • Profile image gravatar solution
  • Vote widget
  • Payment link

Setup your app

Security and flow

On Log In

  1. You fill your password or posting wif on Steem Connect login form.
  2. If you filled a password it’s converted to posting wif in browser side.
  3. The posting wif is encrypted with csrf token on browser.
  4. A request is sent to the server with the encrypted posting wif.
  5. Server decrypt the posting wif then encrypt it with a server secret salt and create a cookie which is saved in user browser.

On Public Profile Update
For account metadata update, user is required to fill his active wif to broadcast the transaction on browser side. This wif is never saved.

For more information you can contact @fabien and @nil1511

Missing features

  • Activity page
  • Wallet page with transfer list
  • App store
  • Manual signer popup for any transaction for untrusted sites
  • Desktop app
  • Mobile app

Known issues

  • Image server may fall due to number of request.

Stack & requirements

  • Node.js
  • Express.js
  • React.js
  • Redux
  • Webpack
  • Steem.js

Source code

You can import the code and deploy it on your localhost. It should work out of the box. You're free to also explore the code
https://github.com/adcpm/steemconnect.com

Reporting issue

Please report an issue if it has not yet been listed on GitHub.
https://github.com/adcpm/steemconnect.com/issues


Additionnal Links


All rewards from the @busy.org account will be used to fund our projects


Sort:  

Can I ask that you, as I would like to see witnesses in general do, briefly describe where you stand socially and politically on a few issues of your own choice.

(in this case the group in general)

In my opinion, this gives a better understanding of the more personal motivations that could be driving a witness at some point in time.

"few issues of your own choice."

what kind of issues do u have in mind ? :)

I'd prefer you chose the issues yourself, but for example:

What political leanings do you have?
Are you of any particular faith?
Do you go by any principle in your view of how to organize society?
What is your future vission for Steem as such and perhaps for the technology (including Golos etc) itself?

i don't feel like a comment is the right place to answers these questions that are particularly requiring deep reflection, profound thoughts, to express my own political leaning, particular faith or principle. I don't even think it would be good to talk on behalf of the busy team as it would involve my personal opinion.. I planned to post more on my own account and blog about these specific topics because i have a lot to say.. But i was quite @busy.org these days.
In fact I definitely need to allocate time to this. Not only because you asked, but because i really want it ;)
All i can say to answer your questions somehow, is that i'm not fixed on specific principle or particular faith, but I define myself as a innovation philosopher, anarchist and visionnary and i found in Steem many people that shares the same motivation and energy to change the world. But even if some people can have different faith and political views, we can still feel this energy that is totally undependant of these leanings.. Answering it in such a small comment would confuse people and abuse of Labelling that are in fact not really well defined.
check my blog in the next few month i commit myself to post more on these topics ;)

Very well. Thank you for your answer so far!

So I still get nothing, like I have last week.

I set the options, save, and then nothing.

I don't get a code example of how to hook into it, nothing.

How is this beta for use? Can you please provide more information on how to use?

Thank you.

Hello, we still don't have much documentation, you can find a code example here: https://github.com/bonustrack/bonustrack.github.io/tree/master/tutorials/comments
It's using Angular, Steem.js and SteemConnect SDK here is the demo how it look like: https://bonustrack.github.io/tutorials/comments/ . If you contact me on Rocket chat (@fabien) or channel #steemconnect I can help you step by step.

Thank you very much. Please consider just adding that, what you have, to the bottom of the App creation page. A link to some other page, or something, hehe. It would make it easier for people to find. Thanks for the great work! Peace.

Thank you. I've just updated the SteemConnect SDK npm & github repo with some documentation see here: https://www.npmjs.com/package/steemconnect

Thank you!

tack så mycket

So if I understand correctly when an app uses steemconnect the avatar/cover picture and info will be directly transfered to that app correct?

The avatar and cover picture url are stored on the blockchain. You could get this information by requesting the blockchain or you can get user avatar on your app by using SteemConnect "gravatar" solution. Just add this image with the username and size you want: https://img.steemconnect.com/@ned?size=200

I like the idea of this connector here @busy.org
I just created Steemwriter and it might be something I could connect through SteemConnect to allow the posting to work. Lots to learn though on your steem.js and api. Lots to learn...

I'm surprised that no one discussed the risks of current security model here, nor any mentioned in OP, nor any disclaimer.

IMHO OP SHOULD explicitly list the risks this service would have. And everyone should clearly know the risks before try the service.

//Update: saw some discussions in another post (link), that's a good thing, but we need more such.

Actually we got a lot of discussions about it and few members have approved the flow. When you was writing this comment you probably was thinking that SteemConnect store your posting WIF but it's not the case. We are not storing any WIF and will never do it. Your WIF is on your cookie encrypted.

Hello! I am thinking about working on an application similar to Metamask for Steem. Seems you all have done something very similar. Hoping to clarify a few things to make sure I am not doing the same thing as y'all. So once a user logs in, will they then be able to use any Steem App that has integrated SteemConnect?

You have said their password is not stored. How are transactions dealt with once the user is logged in?

Is the user ever trusting a third party with their password?

While sharing your "busy" if we use the tag support like you said. However, this is only 1 out of 8 that I made using the label share do you like one of them. The reason for this?