Solutions for account creation/log-in and signing
In order to support most of the recommended functionality, users will need to sign-in to the dApp and transactions made by the dApp need to be signed by the private key which owns the FIO Address. The following is a list of considered approaches. Multiple of those may be considered.
Solution | Description | Log-in | Sign transactions | Pros | Cons |
|---|---|---|---|---|---|
User/name password | Duh! | YES | NO |
|
|
Using password to generate and/or encrypt and store private key or seed phrase | The user will simply create a password and that password would be used to encrypt seed phrase which would then be stored by the dApp. This approach is used by:
| YES | YES |
|
|
Import seed phrase or private key | Allows a user to import FIO Private key or seed phrase into dApp | NO | YES |
|
|
Using 3rd party oauth | Users will be able to log-in using other accounts, such as Google, Facebook, Twitter, Coinbase, etc. | YES | NO |
| |
Using private key or seed phrases on every interaction | The private key or seed phrases would be generated on site and the user would be required to write them down as they would not be stored on the server. Every time the user wanted to sign a transaction they would have to copy/paste the private key or seed phrases. This is considered a very unsafe practice, as it susceptible to MITM attacks. There are however sites that use this approach today such as Coinbase Commerce and MEW (though they discourage it strongly). | YES | YES |
| |
Scatter/Anchor | Both wallets support signing of FIO transactions and may be easily enabled as wallets to generate and store FIO private keys | YES | YES |
|
|
Wallet Connect | Wallet Connect is an open source standard for “connecting” wallets with web dApps for the purpose of signing transactions. It supports many wallets, including Trust, Coinomi, Atomic, Infinito. It is primarily being used for Ethereum dApps, although Bianance Dex used it to connect with Trust wallet. FIO Chain signing would have to be “enabled” by each of the wallets implementing and some wallets (i.e. Trust) have indicated the yare not interested in enabling other chain | YES | YES |
| |
Portis white label | YES | YES | |||
Browser plug-in | A browser plugin would store FIO Private keys and sign transactions, akin to MetaMask | YES | YES |
|
|
Example of Anchor Authentication
Here’s an example of how this mechanism currently functions between bloks.io and Anchor Wallet. The example is for voting, but it would work the same way for any transaction.
Additional Features and Functionality
As we explore additional features related to FIO (Wrapping, DeFi, Incentives, etc), a web-based dApp could provide a mechanism for onboarding users to the FIO experience, including a simple process to get their first FIO address via a basic login/password approach or a login with Facebook, Google, Twitter, etc approach, similar to how easy WAX Cloud makes it to get a WAX account. From this perspective, a web-based app focusing on FIO interactions might be useful in many different ways and expand from there to cover more features in the future. Examples include:
Keeping track of all your FIO Wallet names across multiple wallets (luke@edge, luke@stokes, luke@shapeshift, luke@infinitowallet, etc) and potentially showing (and allow for adjusting) mappings for these wallets (and potentially balances at specific times which is very useful for accounting, taxes, etc).
Keeping track of which FIO NFTs you own across multiple key pairs, including which ones have been wrapped and exist on other networks like ETH and where they exist now on those networks (are they on OpenSea? Are they connected to a specific ETH address, etc). For wraps, it could show outbound transactions you initiated or the history inbound transactions (from ETH to FIO, for example) you now control.
The date any FIO address was registered, how many bundled transactions it has remaining, a link to renew it / add more bundles, any other useful information on it (such as accumulated FIOPs, when we roll that feature out)
When DeFi integration begins to take shape, a page to report on the various tokens that have been locked up via messages sent via FIO and details on how to unlock them, etc. This could evolve into a full reporting tool on DeFi activities empowered by FIO with instructions on how to participate in other DeFi / CeFi opportunities using FIO.
Easy onboarding (create an account, register a FIO address or domain or both, transfer it somewhere else later)
More challenging: build something with actual wallet support starting as a web app and Anchor + MetaMask support. This would give us all EOSIO tokens, all Ethereum tokens, and Binance Smart Chain tokens. Using FIO might be a little clunky in that you’d sign FIO related actions with FIO-enabled Anchor and token transfers with EOSIO-enabled Anchor or MetaMask.
More challenging: build a reference implementation wallet (or work with a team already doing so, such as GP) that can highlight the best possible example of integration with FIO in a wallet experience. This can then be user-tested to improve it even further and eventually give it as the gold standard of what a FIO integrated wallet should look like. We can then user test against our existing FIO enabled wallets and see how they compare, ideally encouraging our wallet partners to make incremental changes towards the better experience we’ve demonstrated and supported with user testing data.
Use existing exchange APIs to map all deposit addresses for a user. Coinbase Example: https://developers.coinbase.com/api/v2#list-accounts This could be done with all exchanges (and crypto enabled APIs). This could end up being a sub component of the FIO Dapp.
Other documentation
https://drive.google.com/file/d/1mhoej8dDMhgPxphzrEhbkVW0BbiuMQfm/view?pli=1