Steem Connect curators Broke my Site - Here is How

in #steemfiles, 6 years ago (edited)

Using Steem Connect was a good way to avoid requiring users to trust my site with their posting private keys. Steem Connect would keep the private posting keys in the client's browser but provide the users with fine-grained control over what Steemfiles could do. Theoretically, a site would ask for permission to vote but not post, and then the program would only have the ability to vote as that user. The user still had to trust Steem Connect to not store the posting private key of that user. But my code never had access to the posting keys!

In the case of Steemfiles, my intention was to give Steemfiles zero authority and just use Steem Connect as a login system.

Another version came out that interacted differently from the original Steemconnect. That is, just changing the URL would break things. This is to be expected.

The Steemconnect maintainers, @busy.org, have now made the tried and true v1 URL provide the new and incompatible API of v2. This means there is no way for users to log in!

With version 2, the user has to hand over the Steem equivalent of his bank card and PIN in order to authenticate in Steemfiles, thanks to the irresponsible "upgrade" behavior of the Steem Connect managers. I feel it's more reasonable to ask the users to give up their posting key than basically all of their Steem dollars and Steem.

The site was running fine with v1 of Steem Connect, but now users are complaining about strange errors. And clearly I can see the v2 behavior on the v1 URL of Steem Connect. Just like in Steem Connect v2, the authorization dialog now asks for the active key or higher at the old v1 URL.

SC should have allowed authentication with posting keys in v2 like they have always had in v1. A Steem post about retiring v1 would have been good.

What a mess.

Yeah, I do not like this problem at all. Please fix it as soon as possible.
Thanks

I too am concerned about sharing my active key or higher. SteemConnect does expressly say they require "owner, active key or master password" upon sign in. Would it be safe to do so with SteemConnect?

It's less safe than sending them all of your Steem and Steem dollars with a private agreement with them that they would send it back.

I hope that the security of our private keys is not compromised with these reported issues. This will severely affect the confidence in the Steemit platform.

I am not able to use Steem Connect for anything. It won't accept any of my keys.

Do the keys start with a digit five (5)? The private keys must be used. It also should be a private posting key for my site and I don't know whether other keys would work. Now the private posting key is the minimum power key we can ask for in order to use Steem Connect at all. That's why I use version 1.

None of the keys work. At all.

Try dumping your cookies or another browser. If not, double-check your keys.

Can you log into Steemit.com with your private posting key?

It turns out there is a post on how to fix this. I missed it. I have rolled out a fix on Steemfiles. Clients may need to delete their cookies in order to log in.
