Sign in with bitcoin page
Addresses #732. Also see my exploratory videos here and here.
I am keeping this page as a draft for now to invite discussion. It explains the basics of how lightning wallets can be used to authenticate with and make payments to web applications. There's a lot more that could be added, and I'd like to get feedback on what would be the most helpful before opening this up for broad review.
Deploy Preview for bitcoin-design-site ready!
| Name | Link |
|---|---|
| Latest commit | e2125afa1bc7fc165269eca21dc94e46d2c8a955 |
| Latest deploy log | https://app.netlify.com/sites/bitcoin-design-site/deploys/63060169baea8d0008594944 |
| Deploy Preview | https://deploy-preview-885--bitcoin-design-site.netlify.app |
There is a pattern we're going to implement for allowing multiple keys to sign into a single account of a service. This can be used to address a constraint where different wallets/implementations don't support the same key signing / generation for the service.
@johnsBeharry I mention this on the page. The reasons I added were for convenience (connecting a mobile and a desktop wallet) and security (separating authentication from deposits) - I should add the one you mentioned about interoperability.
A discussion point on this page could be whether it belongs in "How it works" or "Reference designs". As written, it is more of a "How it works". To make it a reference design, it would need to showcase specific UX flows and solutions based on a defined product spec.
How it Works
@sbddesign done and updated.
@sbddesign thank you for the review, I accepted all your changes.
@johnsBeharry can you give examples of these other types of mobile flows?
I made a small copy addition in this PR to the activity page, stating that it can also include authentication events. The image in that paragraph already shows an allowance being set for a website.
@sbddesign I'd appreciate another review. Thanks in advance.
Hey guys, a bit late to the party here but thought I'd provide some feedback and potential info...
i). Insert close brackets here...
ii). Making payments section
An alternative to reducing friction for frequent payments is to let users deposit satoshi into their accounts (and later withdraw them). This puts the service into a custodial position for the benefit of smoother payments (since they only involve database updates and not actual lightning payments).
Should we caution against custodial services? I'm sure this has been a debated topic long before this, but just thought I'd flag it. Perhaps we could say something like...
"Whilst custodial in-app wallets may provide more fluid payment experiences, users have to put their trust in 3rd party applications to not spend or confiscate their wallet balances without notice."
iii). Connecting multiple wallets section
a). Signing vs Spending
Users may migrate wallets and want to link their existing account to a new wallet. They may also want to connect multiple wallets to the same account. This could be for convenience, like signing in with both a desktop and a mobile wallet. Or it could be for security, like logging in with one wallet but making payments with another.
This last sentence threw me off slightly. It's a technical point, but a domain specific linking key is different from a private key that has the ability to spend coins. This sentence gave me the impression that my authentication key can also be used to spend sats inside a web app. However, this isn't the case as a new invoice is generated for each interaction and that can be settled by any wallet (not just a connected one). Of course I can use the wallet I've signed in with, but it's a separate private key.
b). Connecting multiple wallets as a recovery mechanism
It might be worth mentioning that linking multiple wallets to an account is also a valid recovery technique, and can decrease the risk of account loss. We've just implemented this on BOLT🔩FUN's maker profiles.