FIP: Farcaster Connect #204
Replies: 15 comments 39 replies
-
Beta Was this translation helpful? Give feedback.
-
|
Beta Was this translation helpful? Give feedback.
-
How do we go from app fid > app server > app manifest? In other words, how do apps define their manifest at the protocol level? |
Beta Was this translation helpful? Give feedback.
-
I don't quite understand this tradeoff. Can you elaborate? |
Beta Was this translation helpful? Give feedback.
-
this looks great! 1)
Where is the threshold between the SDK provided by Farcaster and the implementation for each client. I'm happy to provide an open-source solution for clients, but unclear how to scope this yet. |
Beta Was this translation helpful? Give feedback.
-
|
Beta Was this translation helpful? Give feedback.
-
On the topic of using the Key Registry to find the list of preferred applications, why go this route versus doing it in user data on the protocol? If it is assumed that an app already has access to a user's signer, the lift to send a message is much lower than hosting a Viability of a userdata approach also depends on the answers in this question as I understand an app with 100,000 users that share a single signing key would then need to submit 100,000 user data messages to the protocol to update the homepage. |
Beta Was this translation helpful? Give feedback.
-
@varunsrin The Frames v2 FIP is very exciting. What about using Frames to implement Farcaster Connect? If the "Farcaster Connect" button had a way to open a specific frame in my Farcaster client, then it's easy to authenticate, right? |
Beta Was this translation helpful? Give feedback.
-
Any particular reason why it doesn't just login through an embedded browser popup to That would avoid the need for the user to fill out their name for every new app, as it could be stored client side on that domain/autofilled. |
Beta Was this translation helpful? Give feedback.
-
How could we add a way for apps (not the Farcaster client) to sponsor account creation during this flow? Farcaster Connect + Notifications can be the easiest way to implement authentication. No passwords, no emails, everything a site needs to authenticate and build a "relationship" with a user is included. The only problem is Farcaster user base. What if we made it easy for the app (site) to sponsor account creation? |
Beta Was this translation helpful? Give feedback.
-
Another version of this proposal is to do the above, but also shift the auth signature from the custody address to the app key. Users would be able to generate two kinds of app keys. Level 1 would let an app write messages on behalf of the user while Level 2 would let an app write messages and sign in to other apps on behalf of the user. The main benefit is that authentication into frames is simpler, because the app can just provide the signed token without needing to prompt the user. The other benefit is that users can have multiple apps that can log them in without giving them control over the seed phrase. The downside is that the security model changes considerably. Instead of each action being authorized by a wallet which is often user controlled, it is now authorized by an app key which is often app controlled. Users need to be careful about which apps they give level 2 permissions to, and a compromise of a level 2 app will be difficult to recover from since there is no easy way for the app to revoke all the keys if it gets popped. We will also need all apps to re-request a level 2 key which requires an onchain transaction. There are plans to make this a snapchain level operation that requires no fees, but that may take a few months. |
Beta Was this translation helpful? Give feedback.
-
on the tech side, i don't have anything to add what hasn't been asked in the commends |
Beta Was this translation helpful? Give feedback.
-
A few thoughts: 1 Renaming to Farcaster Connect sounds great to avoid confusion In clear wallet https://github.com/andrei0x309/clear-wallet I had for many months SWIF working as it's now I'll probably add farcaster connect if that is implemented, also wallet is listed on many well-known websites like ethereum.org, alchemy and wallet connect/reown. The best follow is always one that shows a QR and a link that is copiable, it is standard and I think it creates the least amount of confusion. |
Beta Was this translation helpful? Give feedback.
-
As a general thought I think the relay's url specified in the implementation should not be limited to |
Beta Was this translation helpful? Give feedback.
-
A nice side-effect of a commonly used relay is users will not have to enter their username every time. The relay can set a cookie with the username, and auto-fill it next time you visit. |
Beta Was this translation helpful? Give feedback.
-
FIP: Farcaster Connect
Title: Farcaster Connect
Type: Implementation FIP
Authors: @v, @dwr.eth, @horsefacts.eth
Acknowledgements: @df, @payton
Abstract
Update Sign in with Farcaster (FIP-11) to work with any wallet and rename it to Farcaster Connect to avoid confusion.
Problem
Users can sign into apps with their Farcaster account by signing a SIWE message from the wallet that holds their account. Negotiating this signature requires a connection protocol to link the requesting app and the signing app or wallet, which may be on different devices. Existing Ethereum protocols do not support mobile or have high failure rates leading to a bad user experience.
Farcaster solved this by introducing SIWF or FIP-11 which is a connection protocol to request SIWE signatures using a relay. This results in a significantly better user experience but the current design assumes that the signing app is always Warpcast.
Specification
SIWF (FIP-11) is extended to support signing request to any app that holds the user's custody address. It is renamed to Farcaster Connect to make it clear that it is a protocol for passing around SIWE signatures between apps, and not an alternative to SIWE.
FC Connect uses a relay server which establishes a secure channel between the requesting app and the signing app. The main changes we propose are:
connect.farcaster.xyz
. The relay offers an optional frontend that requesting apps can use to complete the entire connect flow.The happy path works like this:
connect.farcaster.xyz
from the relay server.If the user does not have the UserData set correctly, the relay should look up the user's installed apps from a list and provide one. If there is no installed app or if the app fails to produce the correct signature, the relay should return a generic list of popular apps or encourage the user to set this value.
Linking Action
The linking action is a mechanism to open the signing app and pass the channel id secret to it. The signing app can then ask the user to approve the signature and return it over the channel. The mechanism of the action depends on the platform of the requesting app and the signing app as shown below:
Mobile > Mobile: universal link with channel id is returned and invoked
Desktop > Mobile: QR code with universal link with channel id is displayed
Desktop > Desktop: link with channel id is displayed for user to click on, channel id is also exposed to copy paste
Mobile > Desktop: same as above
UserData
TBD. UserData should include the domain of the application and possibly also the platform(s) supported.
FC Connect Manifest
TBD. Manifest should include metadata on platforms supported and how to construct deeplinks with the channel secret.
connect.farcaster.xyz
TBD. The connect app should be open sourced, served from the relay and show how authentication works.
Tradeoffs
Relay is a single point of failure. If the relay goes down or blocks a user, they will be unable to use FC connect. This is mitigated by offering an open source version of the relay that can be self hosted.
Requests are visible to the relay. Connect requests can be made private by making the UserData request client side and blinding the server to the user. This requires significant work and can be considered in a future update.
Signing app must have a backend service to talk to the relay. This is necessary so that a path can easily be established from the requesting app to the signing app at all times.
Open Questions
Rationale
Why is it necessary to input the username?
If you ask for the username you can identify the app they use to store their custody address, and the platform that it lives on. In the best case, this lets us produce a deeplink or QR code straight into that app that works 100% of the time. Without this, you would have to show a user the list of all possible apps and have them choose one. As the number of apps grows, this gets tedious.
Why use universal links instead of using a general protocol handler (fc://)?
Once you determine the app a user is using, the best ways to link into the app are QR code (desktop > mobile), universal link (mobile > mobile) and regular link (mobile > web, web > web). Protocol handlers on mobile are more failure prone and have a worse UX than their counterparts. They are are necessary in a world where you cannot determine what app a user is using, but the Key Registry solves this problem.
Why not use app keys to let multiple apps use FC Connect simultaneously?
App keys can be modified to let the app sign in as the user. Many apps could simultaneously offer Sign in with Farcaster support without the custody address, which is a benefit for authenticating into frames. The issue is that a malicious or compromised app could sign in as the user, and services like Privy which use FC Connect / SIWF today would not be able to rely on it for secure auth. It would also diverge from the Ethereum SIWE standard and lose many of the benefits of composability.
Why not use Wallet Connect?
This works reasonably well for desktop > desktop, but has a high failure rate when mobile platforms are thrown into the mix. Since most Farcaster users are on mobile, which is unusual in crypto, this solution does not work for us. We hope that WC improves over time and that we can deprecate the FC Connect standard in the future.
Why not use Mobile Wallet Protocol for mobile > mobile cases?
It's only supported by Coinbase and Rainbow wallets today.
Release
TBD
Beta Was this translation helpful? Give feedback.
All reactions