RE: SteemConnect 3, beta release looking for testers
Excellent! I have migrated most functions already, love the new error messages btw! But I was wondering about one thing: With v2 and getLoginURL
, the steemconnect oauth token is sent to our API once upon login where it is then verified with the me()
call (if valid, our API returns our own JWT, signing of Steem transactions is always done client-side only). The JWT received when logging in with Keychain or the Steemconnect returns a signed message instead, so I have to change our API implementation - is there any tool in the Steemconnect module to verify that the signature is valid and belongs to the correct Steem account or would I have to write my own implementation, e.g. by obtaining the account's public keys with dSteem? Is the Universal log in safe to be used in production already (our beta goes public next week) or should we use getLoginURL
until the release?