EOS authentication

Elijah: 24 May 2022

I was wondering how users will "sign in" to EOS. Users will need to share some private keys with the web app if the user wants the app to interact on its behalf with the EOS blockchain. I believe this is how ( works.

EOS seems to have an advanced permission system, but I'm missing some guidance on best practices. I believe asking users to install an extension like Scatter will add a lot of friction, so I'm not considering it. Looking forward to knowing more about how this authentication & authorization mechanism will work.

Henry: 24 May 2022

I agree in part when you say that asking to install an extension is a "lot of friction"... But we are dealing with real money here: the EOS tokens. People want to feel protected. The majority of ETH adopters have MetaMask.

It reminds me of the beginning of the internet, where we should have an email to sign up for an account, and as people didn't like that, websites started to create the annoying usernames, which eventually turned out to be such a pain in the ass because you always forget them. Now every decent service asks for email and people are fine.

Well, I think we need to EDUCATE people. Blockchain is a new topic and there's no other way around. Imagine when it gets real traction and every single website utilizes Scatter identities:

In a matter of 1 click you are logged in and, most importantly, PROTECTED.

In our project we are struggling with the UX for a full new-user signup flow: installation of Scatter, generation of keys, submitting them to our server to create and stake an EOS account, making the user open Scatter again and create a new identity... None of the stakeholders have liked it, so I'm working on a solution that we can improve a lil bit, trying to make this process smoother...

But what I told them is that there's no other way around to get decentralized; people will really need to install a wallet to handle their accounts. It does not matter if it's a desktop or mobile one, but honestly an extension like Scatter is amazing for that.

Unless you want to centralize and hold your users' keys... Would you trust any app to do that? Or, you could even create an account for this app and only hold a minimum amount of tokens there... In the end you will end up with a lot of accounts (like the usernames I mentioned above)...