What is SteemLogin?
SteemLogin provides a very easy way for Steem users to sign in to their favourite applications.
Unlike other utilities, such as SteemConnect, SteemLogin allows users to authenticate themselves using mainstream authentication providers such as Google and Facebook.
On the first authentication, users are requested to provide their Steem username and Posting Key which are then stored within a secure database and returned to the Steem application.
From then on, the sign-in process simply consists in users authenticating themselves with their provider of choice - be it Google, Facebook, Twitter or GitHub.
Upon each successful authentication with one of the above providers, the Steem username and posting key are retrieved from the SteemLogin database and passed back to the Steem application.
Users never need ever again to enter their complicated 50 character hash posting key across all supported Steem apps and devices!
Why use SteemLogin?
A posting key looks like this:
This is a 50 character hash which is impossible to memorize and difficult to enter without making any mistakes.
While such passwords are very awkward to type in on a PC/laptop, the task becomes even more painful when using handheld devices.
In our opinion this is one of the main barriers standing in the way for wide adoption of Steem applications!
In this day and age people have come to expect being able to login to most applications using mainstream content providers and social networks.
This is the user experience that SteemLogin will provide to your Steem app!
How does it work?
Upon signing in to the application the user will be redirected to the SteemLogin authentication portal.
There, he/she will be presented with the following authentication options:
The user selects his/her authentication provider of choice and completes the verification procedure that he/she is accustomed to.
The user should be asked by the provider to authorize SteemLogin for authentication.
Upon successfully authenticating with the provider, the user is redirected to the SteemLogin application.
SteemLogin retrieves all stored Steem account details (usernames and posting keys), if available, from its database and checks if these details are still valid.
The user is then invited to select his/her account of choice or add another Steem account into the system.
Once a Steem account has been selected, SteemLogin redirects the user to the Steem application.
In the process a unique authorization code is supplied to the app which allows it to retrieves securely the account details.
The Steem application can now use the Steem username and posting key with the Steem blockchain for all operations requiring authentication.
The user is logged in.
What if the user Steem details are not available or changed?
Upon authentication with the external provider SteemLogin checks if a valid Steem username and posting key are stored in its database.
If not, the user is presented with a form allowing him/her to type in those details.
The Steem details are automatically checked before allowing the user to submit the form and be redirected to the Steem app.
Is SteemLogin secure?
With many wisely urging people not to share their keys with anybody it is only natural to wonder if posting keys are safely stored by SteemLogin.
We take the safety of your posting key extremely seriously!
For this reason we have decided not to store your Steem details on our own servers, but instead to use the services of Firebase, a Google owned company which takes extreme care in securing data on behalf of their customers.
SteemLogin makes use of the Cloud Firestore database product which automatically encrypts all data on the disk and prevents logged in users from accessing database records created by other users.
Furthermore, all information exchanged between SteemLogin and the Steem applications is encrypted using HTTPs.
SteemLogin does not store any other information about a user but the Steem username and posting key. Google/FB/Twitter/GitHub authentication tokens and other sensitive information is not stored within our database but is simply passed back to the Steem application over HTTPs.
Finally one must remember what can be done with the posting key.
The posting key allows a user to post, edit, upvote, and resteem content on the Steem blockchain. It also enables following other Steem users.
The posting key does not allow one to make financial transactions (such as transfering Steems or SBDs), change personal information or other passwords.
SteemLogin will not allow users to store accidently other more sensitive keys such as the active or owner keys!
Is SteemLogin opensource and who is behind the project?
SteemLogin is opensource and can be downloaded and examined from our GitHub repository
The software is maintained by @irelandscape.
Is it free?
Yes, SteemLogin is completely free!
Where can I see SteemLogin in action?
SteemLogin has just been launched so the number of supporting apps is still limited, though growing steadily.
Check out StemQ to see SteemLogin at work.
Simply click that LOGIN button!