SteemLogin - a new and easy way to sign in to Steem!
SteemLogin is a brand new application providing the easiest way to login to the Steem blockchain using mainstream authentication providers such as Google and Facebook.
By adopting SteemLogin, Steem application users will never need ever again to enter their 50 character posting key to contribute and upvote content on the Steem blockchain.
Interested? Then read on!
What is SteemLogin?
We are delighted to present you SteemLogin, a brand new application easing the process of authenticating users with the Steem blockchain.
By adopting SteemLogin, Steem app developers enable their users to sign in using their Google, Facebook, Twitter or GitHub account!
More precisely, SteemLogin allows users to store once and for all their Steem username and private posting key on a secure Cloud Firestore database, a solution provided by Google aiming to eliminate the need for application providers to host, scale and secure their own backend database.
Once stored, the Steem username and posting key information is sent securely over HTTPS to the application upon successful authentication with the aforementioned providers.
This process will work across any Steem app enabled with SteemLogin and across any device!
Why use SteemLogin?
A posting key looks like this:
This is a 50 character hash which is impossible to memorize and difficult to enter without making any mistakes.
You seriously expect me to type this in?!? (credit: Pixabay)
While such passwords are very awkward to type in on a PC/laptop, the task becomes even more painful when using handheld devices.
In our opinion this is one of the main barriers standing in the way for wide adoption of Steem applications!
In this day and age people have come to expect being able to login to most applications using mainstream content providers and social networks.
This is the user experience that SteemLogin will provide to your Steem apps!
How secure is SteemLogin?
We take the safeguard of Steem users personal data very seriously.
SteemLogin will only store a user's posting key and username and will prevent anybody from inadvertently supply more sensitive keys such as the active key and owner key.
What is the posting key for?
The posting key can only be used for posting, editing and upvoting content on the Steem blockchain, which is what most people do during their day to day use of Steem applications.
In particular, the posting key does not allow financial transactions to be performed, nor does it permit to update personal information.
Yet, SteemLogin treats the handling of the posting key with the upmost care.
- All information exchanged with external Steem applications and authentication providers are transferred encrypted over HTTTPS.
- Users' Steem usernames and posting keys are stored in a hosted Cloud Firestore database with security rules preventing users from accessing other users' data. These security rules are a core and unique feature provided by Firebase which makes this solution particularly suited to SteemLogin.
With our declarative security language, you can restrict data access based on user identity data, pattern matching on your data, and more. Cloud Firestore also integrates with Firebase Authentication to give you simple and intuitive user authentication.
From the Firestore information page
- SteemLogin follows OAuth2 design principles and does not return directly tokens and keys back to the client in a way that would leave traces within the user browser history.
- SteemLogin verifies that the user does not accidentally store any other Steem key than the posting key. Owner keys, master keys, passwords and similar sensitive material cannot be stored within the database.
- SteemLogin is open source. The code can be downloaded and analyzed by anybody from our GitHub repository
Why not using Steemconnect?
While Steemconnect has been the de facto application allowing users to authenticate with the Steem blockchain, it still does not prevent users from having to input their active key within each application and each device.
In our opinion the complexity of entering a 50 hexadecimal key on a mobile device to access the Steem blockchain eliminates any chance for massive adoption of Steem applications.
Furthermore, current Steem login mechanisms provide zero integration with mainstream social networks and content providers, such as Facebook and Google.
SteemLogin addresses all of the above issues.
Once the posting key has been entered by the user, it will never need to be supplied ever again across any supported application and any device!
SteemLogin provides a familiar user experience
With SteemLogin, users are invited to authenticate in a manner that is very familiar to most.
Simply select your authentication provider of choice and authorize SteemLogin to access your basic profile information.
In this day and age this is the most common way to authenticate yourself with most online applications!
Enable your app with SteemLogin in 3 easy steps!
Steemlogin is free and easy to integrate within your app:
- Add a "login" link to your app which points to SteemLogin authentication URL (https://auth.steemlogin.net)
- Service your own authentication success/failure URL. Users will be redirected to these URLs upon completing the authentication procedure with their authentication provider of choice.
- Retrieve securely the Steem username and posting key from SteemLogin by issuing a GET HTTPs request with the supplied unique authorization code.
These steps above and more are explained in details on our web site developers page.
Which applications currently support SteemLogin?
StemQ - a Q&A application dedicated to STEM subjects - is currently the only supporting application but other apps are currently in the process of integrating their login process with SteemLogin.
SteemLogin has just been launched and its team is now actively getting in touch with other Steem app owners to get wider acceptance.
Who is behind SteemLogin?
Where can I find more information?
For more information, please check our official website:
We have also setup a Discord server for all suggestions and requests for assistance:
Looking for a logo!
SteemLogin doesn't have an official logo yet.
One of our first tasks will be to submit a new logo task request for the project.
Please let us know if you are a graphic designer and would like to propose a great artistic concept!
This is the first post in this series.