You are viewing a single comment's thread from:
RE: Automated votes abuse on SteemConnect?
I didn't say we shouldn't handle key client-side, that's the opposite of what I think. I said that apps don't need their users key to do their server-side stuff. All transactions should happen client-side, in the browser, on the actual user pc. So yes, UIs need a proper way to store keys and verify them on the blockchain. That's what DTube and SteemIt does. That's hard so that's why so many app developers use SteemConnect because it abstracts all that away.
It really depends on a purpose of the app. For an interface like Steemit or DTube there is no need to store keys on the server side nor access tokens. But there are certain types of apps that need that, and as far as I know, it is way more secure to store OAuth2 tokens than private keys.