Phase 3 Finalization: Estuary Integration POC

boris · September 8, 2021, 10:18pm

Phase 3 ended up being changed to working with the Estuary project, adding webnative-filecoin to their system.

The write up of what we ended up doing is here:

This showcases having people sign up with a DID-based Fission account, get a new FIL address created, work with the existing API key system that Estuary has, and be able to send FIL from within the system.

The pull request is here:

github.com/application-research/estuary-www

Add Fission auth

application-research:master ← application-research:feature/add-webnative-auth

opened 11:03PM - 21 Jul 21 UTC

bgins

+747 -13

This pull request adds Fission auth alongisde the current Estuary auth system. …The new authentication system leverages the current API key system. We should probably treat this PR as a draft because more work is needed before it add value. ### Auth with Fission flows The summary outline describes how authentication with Fission works as currently implemented in this PR. **Sign Up** - User does not have a Fission account + Redirect to Fission Auth Lobby where they grant permission to use their storage and the fil-cosigner key + Redirect back to a new interstitial "Account Setup" page + User signs up as usual with username, password, and invite code (maybe we can not require a password here?) + Two tokens are requested - One that is set as a cookie in the usual way - A second one is stored in WNFS for the next time the user signs in. This token is stored encrypted at rest. - We do this because the first token will be invalidated when the user signs out + Redirect to the user's home page - User has an Estuary account and is signed in with Fission + Read the token from WNFS and set it as a cookie to authenticate the user + Request a second token for next time and replace the stored token with it + Redirect to the user's home page - User has an Estuary account and is not signed into Fission + Redirect to Fission Auth Lobby where they grant permission to use their storage and the fil-cosigner key + Redirect back to the new interstitial "Account Setup" page - Look for the user's stored token. They have one, so redirect to a new "Authed with Fission" interstitial page - This second redirect isn't ideal, but we can't know if the user had a stored token before we authenticate them + User clicks a "Contiue to Estuary" button - Another token is requested and swapped out as above + Redirect to the user's home page **Sign In** - User has an Estuary account and is signed in with Fission + Read the token from WNFS and set it as a cookie to authenticate the user + Request a second token for next time and replace the stored token with it + Redirect to the user's home page - User has an Estuary account and is not signed into Fission + Redirect to Fission Auth Lobby where they grant permission to use their storage and the fil-cosigner key + Redirect back to the new interstitial "Authed with Fission" page + User clicks a "Contiue to Estuary" button - Another token is requested and swapped out as above + Redirect to the user's home page In cases where a user attempts sign in without a stored token they are shown an alert with an error message. ### Implementation #### Buttons New buttons have been added for sign up and sign in with Fission :sparkles: #### Sign in and sign up pages Fission auth has been added to `pages/sign-up.tsx` and `pages/sign-in.tsx`. #### Interstitial pages The pages `pages/account-setup.tsx` and `pages/authed-with-fission.tsx` have been added to handle cases where a user is returning from the Fission Auth Lobby. #### `useFissionAuth` hook Most of the interactions with `webnative` are handled here, with the exception of the initial sign up. #### FIL wallets Not quite yet! This PR has parts of the wallet story in place. More pieces are in progress to set up user wallets.

We have demonstrated this flow and created new FIL accounts on the fly, in browser, on mainnet, and sent funds from the web page, completing the end to end flow.

This shows how users could sign up for a brand new account, be provisioned a FIL account securely on the fly, and be able to pay for storage deals on Filecoin, relying on Estuary to handle the ingestion of files and deal making on behalf of the user.

This wraps up the original grant, read about the previous two phases:

Next Steps

Right now the Estuary team are looking at natively integrating UCANs into their server-side system. This would mean being able to use DIDs for both client side login as well as replacing API keys.

We talked through the existing FIL wallet flows. Currently, Estuary and Lotus instances have a default server wallet which manages deal making on behalf of all users.

In order to track FIL per user, we discussed a number of different options:

Keep the single wallet per Estuary node, track FIL addresses and amounts sent per user in the database – can be verified / synced with chain state, need to include functions to send funds back to use
Create an “escrow multisig” that is 1 of 2 from each user’s address and the Estuary wallet – amounts are tracked on chain, user can withdraw from there themselves if they want, need to verify those accounts
Users sign transactions authorizing / paying for deals directly - user needs to have a verified account, and this likely needs some improvement via FIPs

Using webnative-filecoin in apps

The webnative-filecoin library can be used to securely create and store FIL addresses in browser, and synced between devices with Fission webnative encrypted file store. The library is here:

You will also need the FIL Cosigner running server side, or reach out to use Fission’s cosigner:

Using this, developers can build applications with any front end framework, and enable users to send and receive FIL.

We also have started some work with the Application Research Group on bundling this into the Origin web3 app template, including starting by adding webnative:

github.com/fission-codes/origin

Add webnative

fission-codes:main ← fission-codes:feature/add-webnative

opened 06:48PM - 31 Aug 21 UTC

bgins

+2886 -1087

## Summary This PR fixes/implements the following **bugs/features** * [x] …Add webnative auth * [x] Add webnative storage example * [x] Origin changes to update build target and handle async issues in the store This PR adds a webnative store that provides Fission auth and demonstrates how to use WNFS to store a simple counter. ## Test plan (required) Install dependencies. ``` npm install ``` Run the app. ``` npm start ``` Sign into Fission on the main page and test that the stored counter is persisted in Origin and also in Fission Drive.

We are planning to submit some Filecoin Improvement Proposals (FIPs) in order to propose ways that accounts can be used for sign in, and other dapp-enabling methods.