Auth from website?

So I know that apps made for the safe network can auth with the launcher/client, but I was wondering about websites?

I’m thinking for websites where you’d want a user account. Would the site need to have its own user database, or could it simply auth using the SAFE network?

I’m not quite sure where to start with this. For example I’ve been trying to figure out how one would create something like a YouTube replacement on the SAFE network or the like.

1 Like

As SAFE clients etc. have a public key (even throw away keys) they can auth with this. So sign a request and then their session can be validated each time. Requires websites to agree to use the SAFE auth though. It makes sense as then they have no password thefts as they have no passwords (and never should have in the first place).

6 Likes
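The signed-request login described in the post above, sketched as an added example (not code from the thread, the launcher or MaidSafe). It assumes Ed25519 keys from Node's `crypto` module, a `site|nonce` challenge format, a 60-second challenge lifetime and hypothetical function names; the site stores only a fingerprint of the persona's public key, never a password.

```javascript
const crypto = require('crypto');

const CHALLENGE_TTL_MS = 60000;   // assumption: challenges are valid for 60 s
const pending = new Map();        // site side: nonce -> expiry timestamp

// Site: hand the visitor a fresh random challenge.
function issueChallenge(now = Date.now()) {
  const nonce = crypto.randomBytes(32).toString('hex');
  pending.set(nonce, now + CHALLENGE_TTL_MS);
  return nonce;
}

// Client: sign the challenge, bound to the site it was issued for, so a
// signature collected by one site cannot be replayed to another.
function signChallenge(privateKey, site, nonce) {
  return crypto.sign(null, Buffer.from(`${site}|${nonce}`), privateKey);
}

// Site: verify the signature. Returns the account id (SHA-256 of the public
// key) on success, or null on replay, expiry, bad key or bad signature.
function verifyLogin(publicKeyPem, site, nonce, signature, now = Date.now()) {
  const expiry = pending.get(nonce);
  pending.delete(nonce);          // single use, even when verification fails
  if (expiry === undefined || now > expiry) return null;
  try {
    const pub = crypto.createPublicKey(publicKeyPem);
    const msg = Buffer.from(`${site}|${nonce}`);
    if (!crypto.verify(null, msg, pub, signature)) return null;
    const der = pub.export({ type: 'spki', format: 'der' });
    return crypto.createHash('sha256').update(der).digest('hex');
  } catch (err) {
    return null;                  // malformed key or signature
  }
}

// Constructed walk-through: one throw-away persona logging in to one site.
function demo() {
  const site = 'forum.example';   // constructed site identifier
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  const nonce = issueChallenge();
  const sig = signChallenge(privateKey, site, nonce);
  const accountId = verifyLogin(pem, site, nonce, sig);
  const replay = verifyLogin(pem, site, nonce, sig);   // same nonce again
  return { accountId, replay };
}
```

Because the account id is derived from the public key, a new persona yields a new id on the same site.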

And what @dirvine means by “throw away keys” is that you can make multiple personas to be used on one or more sites. One per site, one persona only, or a mixture of the two.

One login != one persona. Although, there is talk of limiting personas per login (boo!!!)

2 Likes

How would you get/request that key though?

I’d prefer multiple personas as well, but I was thinking, if you had say, a forum or something on the safe network, and someone kept posting pictures of CP or something you didn’t want on there, how would you ban them? IP bans are out the window I think…

2 Likes

Sure, but keep in mind they can throw away an old persona and come with a brand new one to take over where the old one left off. Even with the “three-at-a-time” limit.

Take a look at @Seneca’s Project Decorum and how he plans to display content though, I think you’ll be pleasantly surprised.

You simply post to http://localhost:8100/auth.

This documentation is for the old API version. The new version’s payload is:

{
  app: {
    name: String,
    version: String,
    vendor:  String,
    id: String
  },
  permissions: Array[String]
}

This returns the following response:

{
  token: String,
  permissions: Array[String]
}

Now each time you communicate with the launcher you send your token to associate your request with your website.

3 Likes

This would only work for webapps on your local machine. Browsers should and would block local and cross domain access for websites.

There are some ideas for exposing launcher methods through the browser in my proposal over here (SAFEr Browser(s) Proposal - #42 by Krishna).

But the API should be available for websites as part of a standard browser experience. How exactly hasn’t been defined yet. But a RESTful like API should certainly be implemented for websites to gain access, imo. Whether that’s direct to the launcher or passed through a browser layer first also needs to be decided.

I don’t want to derail the thread, but I wonder, as a parallel query, whether pay-per-view websites will be possible in the same way. Will the launcher manage authentication and payments?

We have just done this with our Concept version of SAFE-FS, available at mockup2.safe-fs.io

Used @eblanshey’s great JavaScript toolkit for the API commands

2 Likes

It is better to look at the launcher source code, currently. It is the best source of truth. Test utils is good:

https://github.com/maidsafe/safe_launcher/blob/master/tests/test_utils.js

1 Like

Is this just a concept, or is it actually functional?

Both technically, a functional concept :)

The “/auth” API functionality with the launcher (v0.4.5) is there, but it’s not the final design or product.

Still building the functions to upload and host the users’ data onto SAFE

3 Likes

Fugg. Welp, I guess I’ll just have to do a no auth version of my project to start with.

Why’s that?

EDIT: and to clarify above, I was talking about my SAFE-FS concept, not MaidSafe’s APIs. Only my concept is in its early version, I wasn’t talking about the APIs. Hope that wasn’t confusing, and you should feel free to use the SAFE Network APIs since they are functional. I see that I should have been more specific above

1 Like

I think we need to build forums and such like around a pull rather than push model. In the past content has been pushed to a central hub by users. Users post TO a forum where other users can view it and if the content is unsavory the user is disallowed access to push their content to the central hub of the forum. I think we need to change that model and instead have users pull content from other users, such as projects like Project Decorum would imply, where a user would have content available and other users could pull it to them. The forum would in essence be a way to search, create and manage content playlists where one pulls content from various users. So if a user posts CP or even an off colour joke someone doesn’t care for the result is the same, they can simply unsubscribe from that line of content or not subscribe to it in the first place.

So a forum could work something like this:

  1. User creates a content playlist.
  2. Other users preview and/or subscribe to user’s content.
  3. User comments on other user’s content (which is really just creating another playlist associated with another content playlist/group). In essence content lists can be linked/create associations with one another. If user subscribes to A, they automatically subscribe to B and C as well. (One could have a setting where this could be changed so one DOESN’T automatically subscribe to comments for example.)

3 Likes

Ahh, well I was under the impression that the launcher doesn’t have a finalized way of handling web auth. Also, I don’t fully understand it. Mostly because I’ve never worked with JavaScript or anything web dev before. Really just learning it for the SAFE network lol.

This is an interesting concept, but for me personally, I don’t like it. I don’t like the idea of people being able to pick and choose what they see in a discussion. It’s part of what I hate about today’s Internet. It’s all too easy to just pick and choose the things you get to hear, so you can build a nice little echo chamber where you never have to hear a dissenting idea or opinion.

I feel like that kind of thing has been and is becoming increasingly more damaging.

That’s just me though, and for many things it sounds like a pretty good design concept.

1 Like

I don’t think this is a coding issue but rather a cultural one. If people are free to subscribe to whoever they want they can have a wide diversity of opinions and voices as much as they can create an echo chamber and a nice little “safe space” for themselves. Remember that these days social media are largely being influenced by corporate advertising and profits and not by social choices. I agree people should become more tolerant of dissenting viewpoints and learn to discuss things but that’s a cultural issue. People will tune out viewpoints they find intolerable mentally and emotionally whether they have code to support that cognitive dissonance or not.

2 Likes

Sure but I think modern tech makes it a lot easier to actually block it out. It’s harder to simply ignore things when you’re actually forced to confront them.

It certainly is a cultural issue, but our current tech certainly enables and to a degree encourages that behavior.

1 Like