We at OpenSeed have a huge amount of respect for @fabien and SteemConnect, the tool he developed. SteemConnect plays a critical role in the Steem ecosystem and we believe that it is important that this tool continue to exist. If you haven’t already, please head on over to his Steem.DAO proposal and throw it a vote!
Throwing Shade?
But if we love SteemConnect so much, what’s up with the title of the post? Well, since we tend to talk about OpenSeed almost like it’s a “swiss army knife” for application developers, one thing we haven’t highlighted as much is the fact that OpenSeed also solves many of the same problems as SteemConnect.
SteemConnect is great if all you want to do (as a developer) is gain the authority to perform Steem transactions on behalf of your user. It’s a dedicated solution to that problem, and a very secure solution at that.
Customizable Passwords
OpenSeed’s approach is a bit different. Our goal is to enable developers to offer all kinds of features to their users in addition to user authorities; features like encrypted messaging and, as we just disclosed earlier today, fungible and non-fungible tokens. OpenSeed also offers the ability to sign into applications with a customizable password, you know … like you do on every other site on the internet.
Steem Verification
We then allow the user to “verify” their Steem account, thereby linking their OpenSeed account to their Steem account. Most application developers just want their users to be able to perform certain actions within their application, some of which may involve the Steem blockchain.
If a user verifies their Steem account on OpenSeed, and a developer integrates OpenSeed into their application, then all the user has to do is sign into the application with their OpenSeed password and they will be able to perform whatever transactions they need through the OpenSeed network without ever having to input their private keys.
Community Developers Wanted
We don’t yet have a user interface developed for these features, but developers are welcome to build their own or adapt their existing sign in pages and hook into OpenSeed on the backend. We’d love to develop some stock frontend elements for these features, so if you're a frontend developer and are interested in helping us ship that product, be sure to stop by our discord server and let us know!
Finally, OpenSeed is very much in the prototype phase, unlike SteemConnect which is a mature solution. We’d love for developers to test out these features so that we can find any bugs and make it even more useful.
That's cool, a bit like EasyLogin that I wrote for TravelFeed to enable keyless logins, I always believed that this would benefit all Steem apps! Will signing in be possible through the API, so that unlike Steemconnect it won't be necessary to visit an external site and users have the same experience as when signing in with a native account (downside: password security)?
I have some components based on React Material-UI for login and sign up
So the short answer is yes. Whatever is required to utilize steem to the fullest will be possible through the API. Signing, posting, adding and removing rights to apps to post on your behalf, and I'm confident that what is currently employed is good enough for most posting operations.
Things that require the Active key (transfers, buys, etc.) however will be handled with greater care and is still in development. When I feel that its good enough for others to use I'll write a post about it so everyone can check my work.
Password security is an issue, but as the backend / server developer my goal is to make it so that no one can get the password from the API or the server through nefarious activities. Beyond that there is little we can do if the enduser puts their password on a post-it note or some other silly practice that I've seen working in Infosec.
As far as your react Material-UI stuff. Is the code available somewhere? Or is there a good tutorial you would recommend?
That's great! Having an API is much more convenient than being forced to send users to an external site. The good thing about a solution like Steemconnect is though that if a site was attacked using XSS the attacker couldn't sniff any passwords since those are entered only on the Steemconnect site, that's what I meant about password security.
The components are available in the TravelFeed repo under MIT license on https://github.com/travelfeed-io/travelfeed-io/tree/master/components/Onboarding To see them in action you can go through the sign-up process on https://travelfeed.io/join
Material UI also has an excellent documentation available on https://material-ui.com/getting-started/installation/
Can you please @openseed, make it possible an option to log in only with a posting password inserted in your app?
I'm looking forward to see what we can do with OpenSeed! I'll get in touch if we come up with any feedback/suggestions.
Hope it will get live soon.
Congratulations @openseed! You have completed the following achievement on the Steem blockchain and have been rewarded with new badge(s) :
You can view your badges on your Steem Board and compare to others on the Steem Ranking
If you no longer want to receive notifications, reply to this comment with the word
STOP