Introduce alternative sign in mechanism based on message signing #3261
Comments
I have no problem with this sort of a feature enhancement, but I do think it would definitely need to stay only an optional second way to sign in to Rotki? Why? Because using my web3 credentials to sign in to my Rotki would mean I could not share my Rotki DB and DB encryption key with my tax professional, so that we together can take all the wonderful stuff that Rotki pulls together, and get it into a jurisdiction-specific tax accounting for preparing input to the tax authorities.
yes this would be optional.
Optional, and while you should be able to use one way or the other to login, we should also provide a way to move between the two.
Creative idea: might we be able to take, say, @A2be's public web3 ENS-address into account (say a hash, or other creative thing smart cryptographically-knowledgeable devs will come up with) as a PART of my Rotki That way, perhaps the Rotki user could still
but ALSO
So this is what I understand at the moment. So when the user wants to register, they still need to type the username they want. After the password is generated, at least we should show the generated password once to the user, so the user can keep it or save it in their password manager. (If somehow the password generated later doesn't match) It's also the same for login, where the user can choose to type in the password manually, or by signing a message again. Am I right? @kelsos @LefterisJP
@lukicenturi, I think it is important that SignInWithEthereum (SIWE) not force the end user to use the old web2 username construct. However, I think we could use a part of whatever is generated by the signed-Ethereum transaction+EthAddress as a This was what I was trying to get at with this previous comment:
if you want to share the DB you need to share the actual file. Sign in is not related. But yes the username in that case can be something like the address alone.
If it's a new account I would say we do something like what @A2be suggested. By signing in both username and "password" are made automatically with the sign in with ethereum method. For old accounts we should allow the option to change the password to ethereum message signing so you associate the sign in to the DB with an ethereum account.
Abstract
This is a matter we have discussed with @LefterisJP a couple of times before.
Currently, you can use your passphrase/password for an account but that passphrase is something you have to remember since this is the encryption key of your database.
If you somehow lose access to the passphrase there is absolutely no way to recover it.
The discussion we had was to provide a way to provide a derivative key/password that gets created by signing a message with an Ethereum account.
This way we could provide a mechanism where you could log in either via Metamask or WalletConnect.
Tasks
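A sketch of the derivation the abstract describes, added here as an example and not rotki's code: a 65-byte wallet signature over a fixed message is normalised and run through HKDF-SHA256 to produce the database passphrase. The message wording, function names and the choice of HKDF are assumptions, and the scheme only works if the wallet signs deterministically (same key and message always give the same signature).

```python
import hashlib
import hmac

# secp256k1 group order, used to normalise s to its "low-s" form.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def login_message(address: str) -> bytes:
    """Fixed, domain-separated text the wallet signs (wording is hypothetical)."""
    return (
        "rotki database unlock v1\n"
        f"account: {address.lower()}\n"
        "This signature is your database key. Never sign this text elsewhere."
    ).encode()


def canonical_signature(sig: bytes) -> bytes:
    """Return r || low-s and drop v, so both encodings of one signature match."""
    if len(sig) != 65:
        raise ValueError("expected a 65-byte r||s||v signature")
    r = int.from_bytes(sig[:32], "big")
    s = int.from_bytes(sig[32:64], "big")
    if not (0 < r < SECP256K1_N and 0 < s < SECP256K1_N):
        raise ValueError("r or s out of range")
    if s > SECP256K1_N // 2:  # (r, N - s) is the same signature, re-encoded
        s = SECP256K1_N - s
    return sig[:32] + s.to_bytes(32, "big")


def derive_db_password(sig: bytes, address: str) -> str:
    """HKDF-SHA256 (RFC 5869, one output block) over the canonical signature."""
    salt = hashlib.sha256(login_message(address)).digest()
    prk = hmac.new(salt, canonical_signature(sig), hashlib.sha256).digest()
    okm = hmac.new(prk, b"rotki-db-key" + b"\x01", hashlib.sha256).digest()
    return okm.hex()  # 64 hex chars, usable as the existing DB passphrase


if __name__ == "__main__":
    # Constructed sample bytes, not a real signature from any wallet.
    sample = bytes.fromhex("11" * 32) + (5).to_bytes(32, "big") + b"\x1b"
    print(derive_db_password(sample, "0x" + "ab" * 20))
```

Anyone who obtains the signature can unlock the database, so the signature needs the same handling as the passphrase it replaces.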