A place for developers to talk about building on Farcaster.

/dev

It is a bit baffling to me that devs are so willing to outsource key components of their app like auth to third parties that have 0 interoperability

Rolling your own auth is not hard nor dangerous today - there are tons of frameworks that give you the exact same devex without the vendor lockin

Exactly, that's why I was so disappointed when I saw Warpcast using Privy for the wallet and other authentication needs.

They already used a wallet library because you imported the private key, and on top of that, they added Privy.

It looked super unprofessional. Warpcast's wallet should have been implemented with the internal wallet library they used.

For me, this was akin to something like Facebook using Google authentication as their main implementation.

Rule number one for any company that wants to be considered a social network: never use third-party authentication and security systems.

Software developer, open source enthusiast, privacy advocate.

Clear Wallet Open-source privacy focused wallet: https://clear-wallet.flashsoft.eu/


I mean yes, but isn't any wallet action a authentification in a sense?

That's what I meant, any signature is an authentification.

The problem is that they already had a wallet library in the app, for being able to do signatures, so why add a third party provider?

Why have two pieces of software doing same thing?

Weren't they capable to use same library to make wallet?

Any EVM library out there is capable to be a wallet, you just add the UI on top of it.

So yeah IMO adding a third party provider was not justified, those should be reserved for small DApps, if you think you're big enough you roll your own infra when it comes to security.

It's only for managing the embedded wallet not authentication?

Is not used directly as auth, but is used as a part of warpcast wallet and mobile app, and I consider any tx a part of auth in Web3 world.

There's no good argument of running both a wallet library and a third party provider of a wallet.

Any good security practice would say is better to only run one infra for such things.

The only thing I get from that that their either afraid of using the internal library or they wanted to rush things out anyway IMO no excuse, of course this is just my opinion, like you said being of the opinion that Warpcast should not invest time into making their own solution is valid, but like I said before for me is just unprofessional

i think there is a credible argument to be made that they are focused on innovating on transaction ux, not wallet infra. the fid recovery flow would not work with EOAs, so privy's key sharding tech is a useful compliment

i'm not aware of them using privy for authentication - can you share more?