Multiple Blockstack App Login Integration


#1

Hello,

We recently announced a integration between Stealthy + Graphite Docs :tada:. The is what Stealthy as an iFrame in Graphite looks like.

The advantages of this flow:

  • Easy plug & play for the parent app
  • UX and updates all taken care of by Stealthy
  • Users can have all their chats in one place
    • Ex: AppSpaces in Stealthy for Graphite, Blockstagram, etc (think Slack Workspaces)
  • Encryption done by Stealthy, so Contacts are managed in one place. If you’ve added a user in Stealthy, or any other plugin enabled app, you can immediately talk to them without having to re-add them
  • Notifications can be sent to Graphite about new messages from Stealthy
  • There are more subtle details with regards to polling, storage, etc that I won’t bore you with… :grinning:

The primary disadvantage we see right now is the login flow:

  • If the user has never used Stealthy before, it’ll ask them to login and the current flow (open a new tab to blockstack browser, approve stealthy, redirect to stealthy.im) would be pretty cumbersome

Will there be a way to circumvent this issue? Some of the possible solutions we were discussing:

  • login done in the same window instead of new tab flow
  • option to login with Graphite + Stealthy at the same time, so both apps get their respective key pairs
  • shared private/public key pair between apps

Look forward to hearing your thoughts!

CC: @jude @aaron @yukan @larry @muneeb @ryan @hologram @jehunter5811 @patrick @jackzampolin


Proposal: Giving control of session state to app developers
Improving App Integration User Experience: Streamlined Logins
SOLID's linked data and Blockstack
#2

@prabhaav, I like this idea. It will be easier to share data between trusted contacts. Instead of signing up separately for each app, will it not be convenient to have a single sign on (at least using Blockstack Browser). However each individual can also login into separate app site where they are mentioned to login using Blockstack.


#3

I like the idea of signing into both apps at the same time, but I feel as though it is technically impossible with the way it is set up now.

Currently the auth flow is like this (AFAIK):

This is a one-to-one response; if you made the request using, say, an array of auth-request-tokens, you would get an array back and both apps would have access to both private/public keys, etc.

One possible solution would be for each app to generate a temporary public/private key and pass the public key to the browser to encrypt the response token, that way said app would only be able to decode their response (as long as they stored the private key in a cookie or localstorage (an iframe can do that right?)).


#4

I really like that Blockstack Apps have different key pairs and think it best for Apps not to expose private keys to each other. To that end I like your suggestion about the ephemeral key pair for encrypting the response token for each app.