FIP-11: Sign in with Farcaster #110
Replies: 22 comments 43 replies
-
Would this allow the underlying app to cast on the user's behalf? Or simply verify they control an fid? |
Beta Was this translation helpful? Give feedback.
-
(Cross-posting from Warpcast) This is great! “The only downside is that if you have multiple wallet apps they might compete for the farcaster:// association similar to mailto://“ This will quickly become an issue IMO. Might make sense to address today as part of v1. Second - Do you imagine this as an option in a list of wallet options, i.e you have
Or you envision it closer to an oauth service
|
Beta Was this translation helpful? Give feedback.
-
One more quick question - how are you thinking about step 3? A user decides whether they want to scan the QR code or click the deep link in the modal? |
Beta Was this translation helpful? Give feedback.
-
The message should include
|
Beta Was this translation helpful? Give feedback.
-
Alternative signature suggestion: use ERC-4361 (Sign in With Ethereum), with FID as a scoped resource. (We'd need to define a URI scheme for FIDs). I prefer 712 signatures, and it's too bad that the message must read "wants you to sign in with your Ethereum account" (rather than "Farcaster account"), but this spec is pretty widely used and already anticipates a number of authentication edge cases. Mapping from the signature proposed above to 4361:
Something like:
|
Beta Was this translation helpful? Give feedback.
-
I would like to suggest that the farcaster:// URI scheme is defined in a separate FIP. We need a URI scheme that will allow linking or triggering actions that is application-neutral. For example:
In all of the cases above, in an ideal world I would use the farcaster:// URI scheme and it would trigger the user's default fc client, much like http://, ftp:// and other protocol URI schemes work. However, this requires there is a well-defined URI scheme that all farcaster clients can implement. I suggest we create a separate FIP to define the scheme. |
Beta Was this translation helpful? Give feedback.
-
I'd like to propose an alternative approach, which will require some changes at the protocol level but I think there is a chance of making the flow simpler. It may be a bad idea, but I wanted to share, just in case. The idea is similar to "tweet this message to verify your identity", but designed to not overload hubs, and avoid creating timeline noise.
The flow can be optimised by requiring the backend_cast to have a specific parent URL (ex: example.com/farcaster-login), to make it easy to use A side effect of such an architecture is that it can help farcaster become the messaging backbone used in other use cases too. For example, home automations triggered by backend messages signed by the home owner, that don't appear in their public timeline. Also, the service has a proof of login which it can keep in its records where this is required by law for example: the signed cast, which can be verified at any time, even if deleted from hubs. -- |
Beta Was this translation helpful? Give feedback.
-
Hi, I read through the discussion and I have some questions. First, I’m trying to understand what we are solving here. If the intent is that the user is able to sign in with ethereum and bring their Farcaster social graph with them, that’s already possible with Airstack APIs and devs are utilizing that. User signs a tx from their walket that is connected to their FC account and we are able to have their FC profile and social graph come with them. We’re finding that most users have their FC and ENS and Lens all in the same wallet that they use universally for logging in with ethereum. This alone is already useful for apps that want to leverage the social graph and identity of the user but maybe not write to hubs all the time (eg content recommendations, games, etc) Then if user needs to also sign and send messages or follow, signors can be authorized. The current Signor flow is pretty good but could also be improved. Ideally any app that user signs up for Farcaster with could issue signors rather than having to go back to warpcast, and/or any app authorized for signors could auth another app |
Beta Was this translation helpful? Give feedback.
-
— The data thus far (revealed preference) shows that it’s one and the same tho |
Beta Was this translation helpful? Give feedback.
-
This design seems to be optimized for farcaster apps that have a backend. Can a mobile app generate the nonce and link into Warpcast for the signature with a deep link back into the app as a callback url? An approach where an app’s client sits between a farcaster wallet and the app’s backend (if the app has one) will be more approachable for developers building frontend-only apps on Farcaster edit - oops, I over-indexed on the implementation diagram. looks like the |
Beta Was this translation helpful? Give feedback.
-
Could the app developer keep repeating steps 6 & 7 with the signature at each session launch instead of doing 8? |
Beta Was this translation helpful? Give feedback.
-
notifications can be turned off. Either we should have support for multiple wallet apps or people will need wallet with multiple accounts. 1 app, 1 wallet is very restrictive for developers that are testing all the time. Metamask doesn’t support multiple accounts after 5+ years. Another potential solution for multiple wallets might be to build out an onchain registry for wallet developers? An onchain walletconnect if you will.
|
Beta Was this translation helpful? Give feedback.
-
What’s the best way to keep siwf and signer spec close to each other from a developer UX standpoint? They’re basically signing in with different permissions using a farcaster wallet.
There’s a spectrum of permissions in between. Would we have other permission levels in the future?
|
Beta Was this translation helpful? Give feedback.
-
A critical component of the Implementation diagram is missing: the Domain Frontend obtaining an access token from Domain Backend to make authenticated requests with. I think this will be a pain point for app developers because they'll need to implement a secure mechanism to achieve this and it's not clear to me exactly what this should be. |
Beta Was this translation helpful? Give feedback.
-
Will this flow require higher quotas on the Ethereum RPC provider (Infura/Alchemy) for hubs? |
Beta Was this translation helpful? Give feedback.
-
@horsefacts What will this FIP require from FIP: farcaster: URI scheme? |
Beta Was this translation helpful? Give feedback.
-
About the name: @varunsrin said in the last team Dev Call that this will be called Farcaster Connect. I like the term, and I would like to take it a step further, and call it Farcaster Connect 0 (FCC-0). This will make it easy to use the same term (FCC) for all types of connection, without having to invent new terms. And it will also make it easy for users to understand the level of control they delegate.
If we have something in between in the future, it will be easy to add it, without confusing users. |
Beta Was this translation helpful? Give feedback.
-
Speaking of |
Beta Was this translation helpful? Give feedback.
-
Farcaster Connect channels currently build SIWE messages with FID resources formatted like "farcaster://fid/1234". However, the spec states that they are plural "farcaster://fids/1234". Can the spec be updated to reflect the current state of Farcaster Connect? The Farcaster Connect SIWE message statement is also (cc @horsefacts) |
Beta Was this translation helpful? Give feedback.
-
Is there a way to get some custom string into the SIWE statement? The reason I ask is that it would be cool if we could use the SIWE statement as a "social proof" in our app. Right now, it seems like a user of a FC-login-enabled app can't independently verify that app's claims about what a user's Farcaster FID is. |
Beta Was this translation helpful? Give feedback.
-
gm, thx for the spec!
|
Beta Was this translation helpful? Give feedback.
-
FIP-11: Sign in With Farcaster
Title: Sign in With Farcaster
Type: Standards FIP
Authors: @v, @sanjay, @deodad, @horsefacts
Abstract
A standard that allows Farcaster users to authenticate into other applications using the EIP-4361 “Sign in With Ethereum” standard. Conceptually similar to “Sign in with Google”.
Problem
A user should be able to sign in to a third-party app using a signature from their Farcaster account. In theory, this is possible since a Farcaster account is an Ethereum wallet and there are standards for producing and transmitting signatures.
In practice there are two problems:
Specification
The proposal includes two standards:
Signature Format
A user must produce an EIP-4361 Sign in With Ethereum message signed by the custody address. The message must include the following fields defined in EIP-4361:
statement
”Farcaster Auth”chain-id
equal to 10 (The ID of Optimism Mainnet)resource
, with the formatfarcaster://fids/<fid>
.The following message is an example:
Request Flow
An app can request a signature from the Warpcast client with a deeplink and uses a trusted FC Auth Relay server to proxy the results of the request back to the app.
Auth Relay
The Auth Relay server acts as a relay between the app the user is signing in to (requesting app) and the Farcaster wallet app producing the signature (signing app). In the current implementation, the signing app is always the Warpcast mobile app, though this can be extended easily.
The server has three API endpoints:
Connect
An app may call
channel
to request a new secret channel token, which is encoded both as a URL and as QR code that is displayable to the user. A channel lives for one hour on the connect server after which it is expired.Authenticate
A signing app (Warpcast) can call
authenticate
to post an SWIF signature message along with metadata about the user back to the channel to fulfill the request. The connect server does not accept signatures from non-warpcast clients, though this can be changed in the future.Status
A requesting app with the channel secret can poll
status
to check the status of the request and fetch the SWIF signature message and metadata if submitted by the signing app.Warpcast
Warpcast implements a Sign in with Farcaster approval screen which is triggered by the deeplink. When approved, it generates the signature and uploads it to the channel.
Rationale
Why not support non-Warpcast clients?
Warpcast is the only actively developed wallet client today. This design can easily be extended to support non-Warpcast clients, but doing it today carries no additional benefit and might be less robust since we’re not getting feedback from these clients about their constraints.
Why not use Wallet Connect to transport signatures?
Wallet Connect still fails occasionally on mobile devices for reasons that are not easy to divine. We made an explicit tradeoff to optimize for the user experience and use a hosted, trusted server. Wallet Connect can be adopted in the future if it becomes easier to use on mobile.
Why can’t we sign with a delegate signer?
It adds a lot of complexity for little benefit. Signatures would require a two step verification with hubs.
Why not allow sign in with verified wallet?
This adds significantly more complexity: display and select FC wallet vs non FC wallet, connecting the correct verified wallet, a rainbowkit type modal, connect to metamask/WalletConnect, then produce signature. The benefit is that it is nicer for the desktop to desktop case, but that does not seem worth the additional UI overhead. This is a nice to have worth considering in the future.
Release
Sign in with Farcaster does not require any changes to hubs or contracts. It is ready to use as of 01/12 when the Auth Relay server and Warpcast changes went live.
Beta Was this translation helpful? Give feedback.
All reactions