Alert about backing up Robot Tokens

[ibertario]

This can reduce support request where Robots didn't backed up their Tokens.

Before creating or taking an order, alert the Robot to back up their Token. If you use a modal window you can show also the Token:

CAUTION: Backing up your Token is extremely important before starting a trade.

I DID

This is more important when the Token goes away if the browser elements refresh, because the Robot's session remains active. In that case you can add a conditional comment with a link to the Home:

If you didn't, GENERATE A NEW ROBOT before continuing.

I DID

[Reckless-Satoshi]

Hey @ibertario,

Indeed, this is a must. And you detailed a very nice way to implement it. I was also wondering how to alert users of their Token not being backed up without being annoying.

I think we can track whether users have already copied the token. We can use a variable copiedToken that becomes true when the user taps the "Copy" button on the Robot Generation page or Profile. In addition, if the robot was restored from a backup token (i.e., if it received the "Welcome back" message) we also know the token was copied previously so copiedToken = true .

When the user clicks "Create Order" or "Take Order" and copiedToken is false, then a pop up alert shows up. It alerts the user and shows the token once again and with a copy button. If the token has been forgotten already by the app, then it tells you to go back and generate a new Robot before continuing.

It is a little bit more complex implementation. But with this implementation, users who have already copied the token don't get annoying pop ups. What do you think?

It is also worth researching how to store the token into cookies in a safe way (just as the active session cookie is stored). That way if the robot has an active session the token must still be available. It will simplify a lot the design.

[ibertario]

I think we can track whether users have already copied the token. We can use a variable copiedToken that becomes true when the user taps the "Copy" button on the Robot Generation page or profile page. In adition, if the robot was restored from a backup token (if it received the "Welcome back message") we also know the token had been copied so copiedToken = true .

When the user clicks "Create Order" or "Take Order" and copiedToken is false, then a pop up alert shows up The pop up alerts the user and shows the token again and with a copy button. If the token has been forgotten already by the app, then it tells you to go back and generate a new Robot before continuing.

It is a little bit more complex implementation. But with this implementation, users who have already copied the token don't get annoying pop ups. What do you think?

Copied ≠ Saved

We can't be sure if after copying the Token the Robot stored it in a safe place. The Robot can have it copied in a temp way not reliable or forgot to back up properly.

It is also worth researching how to store the token into cookies in a safe way (just as the active session cookie is stored). That way if the robot has an active session the token must still be available. It will simplify a lot the design.

The problem here is that in temporary / Tor Browser environments we can't trust cookies.

Reset identity, forced close by device, inadvertently close by the Robot, reset, battery shutdown, energy issue... There are multiple scenarios in which cookies will disappear.

BUT an alternative can be allow the Robot to download a tiny file with the Token, where the filename is the Robot's name (and maybe the date).

[dsitti]

How about a "I saved my token, don't warn me" check-button on the usergen page next to the copy button?
If true, the warning will not be displayed.

[ibertario]

How about a "I saved my token, don't warn me" check-button on the usergen page next to the copy button? If true, the warning will not be displayed.

That's an addition, because the user can start a trade without that check marked.

[Reckless-Satoshi]

The problem here is that in temporary / Tor Browser environments we can't trust cookies.
Reset identity, forced close by device, inadvertently close by the Robot, reset, battery shutdown, energy issue... There are multiple scenarios in which cookies will disappear.

Yes, very true. However, the idea is that by storing the token in cookies instead of the react app state this cannot happen anymore. ⬇️

It will be impossible to have an active session if the browser does not know your token. That means as long as your session is active, you can still back up, most importantly: less UI to create for this feature :D

Storing the robot token into cookies is, in any case, needed for other features such as using multiple robots simultaneously. See #68 (comment)

---

We can't be sure if after copying the Token the Robot stored it in a safe place. The Robot can have it copied in a temp way not reliable or forgot to back up properly.

True.. 🤔 Where will you put the download button without increasing the entropy of the UserGen page?

I think that with minimum impact to the UI ( no new checkbox or download buttons), we can simply track in a non invasive way whether the user has moved the token to their clipboard. It is strictly better than the current approach and does not increase cluttering.

In the meantime we explore the download token functionality for a future PR. I personally do not like dealing with downloaded .txt files on a mobile phone. Forcing users to tap the download button or get one extra pop up introduces hassle, specially for those who know how to copy/paste effectively. However, this might be the only way to ensure the user did back up the token permanently ;) (Do we need to ensure that... ? :D )

[Reckless-Satoshi]

Both alerts (for makers and takers) are already implemented as described by @ibertario . It is also tougher now to lose the token by the browser. The alerts won't show if they user has copied the token previously.

[ibertario]

Storing the robot token into cookies

This a good way to improve Token session persistence.

the user has moved the token to their clipboard

Think about all type of users with this. Instead of the "copy" button, some users (like me) prefer double click/select the Token text directly and copy it, or (in paranoid mode) copy some characters from the middle and then the other side.

I'm against to check if the copy button was used (and assume that the user copied it later!)

Both alerts (for makers and takers) are already implemented

Tested and work PERFECT! This is the best workaround IMO.

we explore the download token functionality for a future PR

I close this issue, and if you want create a new one to track that download token functionality.

[Reckless-Satoshi]

I close this issue, and if you want create a new one to track that download token functionality.

Yes please! It needs a bit of thinking... how to implement a download button without adding more elements...