Using uPort to manage identity and signing transactions in Swapy Exchange

Written by Ícaro Harry (D’App Developer at Swapy Network)

One of the most exciting products we’re building at Swapy Network is the Swapy Financial ID: [1] a Digital Financial identity valid in any country that eliminates the information asymmetry, as well as guaranteeing the data integrity and privacy.

The first use of Swapy FinID will be to handle identity in Swapy Exchange. The basic idea of Swapy Exchange is to connect Investors and Credit Companies: one willing to raising funds and the other willing to gain interests. So, using Swapy FinID we’ll be able to verify whether the user is an investor, a company credit, or any other kind of user that might join the network. On top of that, it will provide the financial information of the user.

We’re experimenting different ways to implement Swapy FinID, one of our ideas was to use uPort: [2] a self-sovereign identity and user-centric data platform, enabled and secured by Ethereum. uPort has a mobile app where you can manage your identity and share it with dApps that are willing to identify you. Other than that, since uPort contains an Ethereum wallet that is related to your profile, you can use it to sign transactions within the dApp. So, for example, when the user creates an offer in Swapy Exchange he can sign the transaction using his phone.

With that in mind, we decided to integrate uPort with the current version of Swapy Exchange (0.0.2-ALPHA) to see if it fits with our needs and if it’s possible to build Swapy FinID on top of it. As a bonus, we decided to submit our work to the ConsenSys — uPort Blockchain and Identity Hackathon.

Understanding Swapy Exchange

In the current version, we have a simple flow where a Credit Company can raise money on one side, and an Investor can invest on the other side. This flow is better explained in the following diagram.

So, the steps are:

Credit company

1. Sign in as a Credit Company
2. Create fundraising offer
3. Wait for investment proposal
4. Withdraw funds
5. Payback

Investor

1. Sign in as an Investor
2. Send Ether to the desired fundraising offer
3. Wait for company’s approval and payback

How does uPort fit?

In the current version, we don’t identify the users. We’re using MetaMask to connect our dApp with Ethereum, so all we have access is the user’s wallet address.

Considering this, one of the possibilities of uPort is to provide user identification.

Also, most of the steps of the flow mentioned above require signing an Ethereum transaction. Right now, to sign a transaction, the user needs to use MetaMask.

Using uPort we can move this part to the uPort app, and require the user’s signature from his phone which provides more security (similar to a 2FA) and gives the user another option other than MetaMask.

Implementation

We didn’t want to remove MetaMask from our application, so from the beginning, we tried to connect uPort without breaking the MetaMask integration. That was the big challenge because uPort uses a different version of web3 than the one we were using with MetaMask.

To handle this, we had to create a factory for our Smart Contract calls that returns the service which implements the specific behavior depending on if the user is using uPort or MetaMask.

Unfortunately, since the two web3 versions are not compatible, we weren’t able to reuse the same calls we did to our Smart Contracts. This means that for each new feature we implement in the future, we will need to create an uPort version and a MetaMask version.

Identification

To manage identity, we decided to implement a new way to sign into Swapy Exchange. Besides using MetaMask, we implemented uPort requestCredentials method so the user can sign in using his phone.

Source code

1. uport branch
2. uPortProtocol.service— calls to uport web3
3. uport-login.component— call to request credentials
4. uport.service

Demonstration

The old way:

Signing in and creating an offer using MetaMask

The new way:

Signing in and creating an offer using uPort

How to test it

We’ve deployed the Swapy Exchange version using uPort at https://uport.swapy.exchange.

Make sure you have the uPort app on your smartphone.

1. Open the link, agree with the Swapy’s Terms of Service and Privacy Policy and select Sign in with uPort

2. In your phone, scan the QRCode using the uPort app.

3. Sign in as an Investor or as a Credit Company

4. Use the Swapy Exchange normally, and when you need to sign an Ethereum transaction, use the uPort app.

Running locally

For those who prefer to test the app locally, we provided a Dockerfile to run the app locally. So make sure you have Docker installed.

1. Clone the Swapy Exchange Dapp in the uport branch

git clone -b uport https://github.com/SwapyNetwork/swapy-exchange.git

2. Create your Dockerfile from our sample

cp docker/sample.Dockerfile docker/Dockerfile

3. Edit the Docker file to include your infura provider in the env variables at line 9

ENV HTTP_PROVIDER “https://rinkeby.infura.io/yourkey”

4. Build the Docker container (it may take a while)

sudo docker build -t swapy-exchange docker/

5. Run the Docker container

sudo docker run -t swapy-exchange

Conclusion

uPort seems to have a bright future ahead. The idea is really good and the ConsenSys team is working hard to deliver a good user and developer experience for the platform.

We’re still deciding on whether we’re going to build Swapy FinID on top of uPort. We were able to integrate Swapy Exchange with uPort without big issues but we’re still missing some points regarding uPort:

The mobile apps are not Open Source

This is a big concern for us at Swapy since we’re constantly promoting transparency and decentralization, it is key for us that our users are able to review our code and build on top of it. We couldn’t find the code for the mobile apps and we don’t know if the uPort team will publish it.

Also, from what we noticed, there’s no way to export the private keys from the uPort app, which, in our vision, would be an essential feature to give freedom to the users.

The library was not compatible with our web3 version

The library forces us to use a different implementation of web3. We don’t know why it’s done this way, but it would be very nice for us to use the same library whether the user is logged with MetaMask or uPort.

The app limits the gas of a transaction

We weren’t able to call our smart contract to create an offer with 5 assets because the app limits the gas to 3000000 even though the Rinkeby network gas limit is around 6700000 right now. This is a show stopper for us since our dApp needs more than that to operate. Because of that, we had to change our smart contract calls to create only 1 asset in order to test uPort.

The app is currently locked in the Rinkeby test network

Our Smart Contracts were previously deployed at Ropsten, but we couldn’t test there since uPort is only working at Rinkeby right now. It would be nice to have the option.

We would like to thank the uPort team for all the hard work. And we would love to have feedback on our implementation!

[1] https://www.swapy.network/SwapyNetworkWhitePaper-English.pdf

[2] https://www.uport.me/