Working on Hive Authentication Services integration for the Condenser

in HiveDevs4 months ago

Since couple of weeks before the Christmas break, I've been working with @arcange and @stoodkev on implementation a support for Hive Authentication Services (HAS) for the Condenser.

In a nutshell, HAS allows you to login and perform operations on the blockchain via your favourite app without the need of giving your private keys to the app. It is using what's called PKSA (Private Key Storage App), Hive Keychain is a PKSA for example, installed on your mobile device to do the signing.

You might think you don't need HAS since you are already using Hive Keychain chrome browser extension. But what if you were travelling and don't have your computer with you? Would you trust the public computer enough to install Hive Keychain and enter your keys? With HAS, your app can just use the HAS server as a communication channel between the app itself and the PKSA. You just need to scan a QR code displayed on the app and scan it with Hive Keychain for example.

Here is a screencast of the Condenser integration in action:

Screen Shot 2022-01-11 at 3.33.53 pm.jpg
https://share.getcloudapp.com/04uLeeWG

What's been done so far:

  • integration with the login popup
  • generating the QR code
  • authenticating via the PKSA app
  • making a post / comment
  • making a vote

Screen Shot 2022-01-11 at 3.34.16 pm.jpg

Screen Shot 2022-01-11 at 3.35.30 pm.jpg

I now still need to handle errors coming back from HAS server and the PKSA.

Things are still beta at the moment and there are few challenges to overcome.

Sort:  

I love the IDEA of H.A.S. and have been using it with PeakD if you need to test it out to see how we're doing it you can try it on beta.peakd because you have beta access to HAS enabled keychain. We still have a few things we plan to impliment to help HAS users.

The keychain app still has some ways to go and the connection timeouts are annoying and i'm worried about the discussions about iphone not working as well as android... and worried about how annoying switching accounts will be... but we'll see how it all shakes out.

Thanks to the recent "sessions whitelist" implemented into Keychain, it made me forget I was using the peakd+HAS version while playing with peakd beta.

Of course, there is still a place for improvements, both in Keychain and Peakd, but we already have something I consider fully functional.

Yes that made it useable! It's awesome improvement.

I will check it out. Meanwhile you can also check the beta for Condenser on https://hivean.com

Very cool! Excited to see this one being launched. Actually read through this proposal last week and voted on it as per @arcanage reaching out! So awesome to see you guys have made some progress!

yea it's a need idea indeed.

It would be a great implementation and finally we would not have to enter our private keys in every public computer. Waiting for its release!

Indeed.

I like the idea of the HAS....keep the good work. Certainly there would be errors and few challenges, kind of normal... thanks for updating us as usual.

!PIZZA

PIZZA!

PIZZA Holders sent $PIZZA tips in this post's comments:
@samostically(1/5) tipped @quochuy (x1)

Join us in Discord!

Interesting development!!!

This is quite innovative. Clears concerns about keys getting stolen to the barest minimum.
It will have to be made seamless to make it really fly.

You've done a great job with HAS. Hopefully those who have problems with the key chain will find a solution to use it. Nice to hear about HAS .

Is there a live Beta server somewhere to try out?

I just tried it out on https://beta.peakd.com and my mind is blowing!

Though it seems that if I close the app on my phone, I have to re-open it whenever I try an action that needs a different key.

Altogether though this is very interesting.

There is a beta on my dev website too https://hivean.com/.
Yes, there are some drawbacks as you have noticed. On Android you can apparently send the app to the background and it still works. iOS is a different story.

I'm logged in right now on beta.engage.hivechain.app and my phone is on the table next to me open and working perfectly.

There's a lot of user explaining needed but this is really heading in a good direction for all of us.

Is this similar to when one logs in to Binance in their PC and they have a QR code that there for you to take a picture of with your phone that has your Binance login already stored?

I haven't used that method for Binance before so I'm not sure. @arcange?

Binance QR code just contains an URL that brings you to their login page. It provides comfort but no really improved security.

Yes, the QR code is found in the login page when you are accessing Binance in your computer, once scanned by the Binance phone app, your computer web browser then auto logs in for you.

I like that feature since I don't have to enter credentials when logging in to the computer, especially when I have already done the authentication process on my phone.

The idea both of you are trying to implement sounds similar to me, which I think is very handy and I do feel it is secure since only the one with the phone access (yourself the owner of the phone) has already logged in on it and are the one that is pointing the QR reader on the code on the screen.

Can't wait. That should be a good way of adding an ease f use function to hive.

Thank you for the awesome work provided at integrating HAS into Condenser. I'm looking forward to its integration into the wallet site.

i wish we could somehow use the old work of @jesta whose vessel desktop wallet helped him to create his @greymass eosio wallet which has really cool mobile wallet for ios and nadroid now, with biometric login that will work with @edenos

I wish we could have hive wallets controlledby an eosio wallet because its similar keys, I mean wax atomichub has p5 private keys on Links used to give away nfts, it makes me think we could do a russian nesting doll move and have a hive account controlled by an eosio wallet right? right?? Ellipsis Fancy Curvey signatures? Chains within chains?

If EOSIO has edenos with biometric logins with no keys just face logins, then id love to use that to login to anchor and post to hive from the eos wallet, why not right?

I’m no mobile app developer. Not sure what’s involved. @stoodkev?