This is the third update on the Universal Logins project, a project funded through a generous grant from the Ethereum Community Fund, and is on track for receiving an ETHPrize bounty. Universal Logins is currently being implemented by EthWorks.io, a talented group of ethereum developers from Warsaw.
Work on Universal Logins is progressing fast and we encourage everyone to clone the repo and test it for themselves by following these steps:
git clone https://github.com/EthWorks/UniversalLoginSDK.git
yarn && yarn build
This will run the whole build process, deploy all the necessary contracts and run your app on localhost:1234. Visit it with any browser and you’ll see this:
It’s a very simple page with a single text field asking for a username. It’s purposefully simple so that it will fit in any style that you want for your own app. The user types a username, and the app shows multiple options to the user: to create the username using various domains, to connect to an existing known name, or even to recover the name if it finds that it’s available.
Creating an account
When you select to create a new account, you’re creating an invisible key pair stored in the browser and asking the server to deploy a contract that accepts messages from that public key. After doing so, you’ll also be gifted a few tokens, called kliks. These tokens are made purely for the purpose of the demo and are used to pay for transactions; universal logins can use any current or future ethereum token.
The demo app is a contract with less than 20 lines of code that has a single function and a single event which is represented by a single button on the main screen. When the button is clicked it logs the current time and shows the list of the latest button clickers.
The Demo Token
The app, of course, is a stand-in for all ethereum apps. Our focus is really on having a good onboarding process. The app also shows the user their klik token balance, and the cost of any action on the chain. Clicking the button costs 1 klik. Adding a new device costs about 10 kliks (but the first time you do it, you’ll get extra tokens, to encourage users to have a more secure login). In this manner, we are simplifying all the ethereum gears, like gas, gas price, ether, etc., into a simpler and fun game. It’s the job of the relayers and app developers to decide which actions to charge tokens for, which actions are worth giving some tokens to the user, and under which conditions.
Extra security backup
Although it’s created on a hosted website, the user owns their own account, not the site owner, the relayers or anyone else. That also means, of course, that the security of the account depends on the user. Since the address is not an account but a contract, it allows multiple recovery options. Developers are free to create more, but we are already creating a very simple paper wallet backup. The app creates multiple different accounts that should be printed and kept separate. Each code will give you access to one new account.
We encourage app developers to create even more security features, like a recovery by email/sms (which might incur some centralization risks), recovery by assigning trusted friends, etc.
What about costs and scalability?
While this approach has many advantages, it does have some drawbacks, the main one being costs: not only are transactions themselves now a bit more expensive due to the signing and token payback, but creating the user itself has a cost, since their account is a contract that needs to be deployed. One of the solutions is “counterfactual deployment”, a method in which you are able to have a signed message that deploys the contract to a known future address. This means that you can already send funds and ether to the address before needing to deploy it, and then only deploy when the user has enough funds to justify it. Another advantage is that it guarantees you the same contract addresses on all ethereum networks, meaning that you can have your users on a private network or a shard chain, and then only migrate them to the main network once they want to do something that requires it, like when they want to sell their earned tokens.
The best onboarding experience anywhere
The goal here is not to have the best onboarding experience in the ethereum ecosystem, but the best login anywhere on the internet. For starters, the current running code has these advantages:
- No need to type or remember a password anywhere
- Instant login in multiple devices
- No need to download or install anything extra
- No single server with private data that can be attacked or leaked (but beware of the public data you share on the blockchain)
- The user can take the account they created in one app and use it to login in another app
- If the app goes offline, the users can still access their data
- User is in control
How to help
The app is still a work in progress. If you want to know more or contribute here is what you can do:
- Clone the app, use it, test it, make improvements, give us feedback (shout out to Kyle Bryant who already made the first volunteer contributions to the site!)
- Open issues on feature requests you’d like to see for the app. ECF Web 3.0 Infrastructure Fund is now starting to fund some of these issues with open bounties, so feel free to either request to work on one or use GitCoin to also fund your own bounties!
- Join the discussion on telegram at the MetaCartel group by sending a private message to Pet3rpan
- Find me at Web3 Summit, 22–24 October, Berlin, and talk about it
- Join the #cryptolife hackathon, 26–29 October in Prague, where Marek will give a workshop teaching everyone how to hack using our SDK
- Attend our Meta Transactions & Onboarding roundtables at Devcon 4, 30 Oct–Nov 2 in Prague, where we will discuss what’s needed to finalize the standard