shapeshift
ShapeShift Native Wallet - Only prompt password entry if necessary
Overview
Currently on app.shapeshift.com, native wallet users are prompted to enter their password every time they visit or refresh the app. Ideally, users should have to enter their password minimally, like the first time they are signing a transaction per session. Further, if a user has already unlocked their wallet to sign a tx and then refreshes the page, ideally they don't have to unlock their wallet again to sign another tx.
Q for engineering and security:
- Are the AC below reasonable to implement?
- Any better ideas for how to improve this UX?
References and additional details
n/a
Acceptance Criteria
AC:
- Users are only prompted to enter their native wallet password when they are connecting their wallet for the first time on a browser or signing a tx
- Users can see their native wallet's data and interact with the web app while their wallet is 'locked'
- If a user's native wallet is 'unlocked' and they refresh the page, their native wallet is still unlocked
Need By Date
I know there are ongoing discussions about native wallet's future, so no rush on this, esp. if it is one of those things that's easier said than done. I defer to engineering on whether it makes sense to prioritize this rn.
Screenshots/Mockups
No response
Estimated effort
needs engineering
Technically, this would probably mean running the native wallet in a SharedWorker or ServiceWorker, and needs the same infrastructure as #713. I built this infrastructure back in January in the form of https://github.com/shapeshift/hdwallet/pull/400 and https://github.com/shapeshift/hdwallet/pull/401. On review we decided to pull some of those functions out into a new utils package, but that never happened.
(Personally, I think the perfect has become the enemy of the good there.)
marking as low priority due to complexity and potential for deprecation of native wallet.
