Steem OAuth
Open Authentication for Steem, can it work in practice?
What is Open Authentication? (OAuth)
Open Authentication is a process in which one website provides your identity for another website. For example, you might have logged into YouTube with a Google Account, or you may have logged into Twitter with Facebook. Here Google and Facebook are providing YouTube and Twitter, respectively, with a key which confirms you are who you say you are.
The details are not really important to an average person. What is important is that when you log into Twitter via Facebook, you are never giving Twitter any of your login credentials.
The Problem
The Steem community is amazing and it is very exciting to see all the active development happening around this platform. However, I foresee an issue which may compromise the integrity of the platform. Websites which have you log in via your steemit are saving your credentials (or at least a hash of them) on their servers.
This is bad.
Your credentials are also the credentials to your wallet! So does this mean we shouldn't log in anywhere other than Steemit? Well... no I'm not proposing that the developers of Steemit and Dtube have some nefarious goal of stealing your credentials. What I am saying is that for future adoption it would be much safer to have some means of Authentication through a central party. It feels counter-intuitive to suggest a centralized approach to a crypto issues, but until there is some form of decentralized OAuth, this is probably the best we can do. Imagine if in the next couple of months 10 or so new applications were released on the Steem blockchain, would you be able to trust all 10 of them 100% to store your password safely and never look at it?
What now?
The current OAuth approach wouldn't really work because posting to Steem requires the users private key, which is what we want to avoid passing around. I can only imagine that this might need to be implemented into Steem itself rather than a 3rd party. Unfortunately, my knowledge ends here. I'd love to hear your thoughts.
Do you think this is a problem?
Do you care?
Can you think of a solution?
Let me know.
Thanks for reading!
Need for ability for OAuth with Steemit for third-party applications is really-really needed. For instance, I do want Steemit users to do login at Steemit and get logged to my https://aigents.com/ site automatically. This how OAuth is done by all social networks, including Facebook, this is what is provided with online payment aggregators like PayPal or Citi: https://developers.facebook.com/docs/php/howto/example_facebook_login http://futurebanking.ru/post/3518 https://developer.paypal.com/docs/integration/direct/identity/log-in-with-paypal/