Content pfp
Content
@
https://warpcast.com/~/channel/miniapps
0 reply
0 recast
0 reaction
artlu ๐ŸŽฉ pfp
artlu ๐ŸŽฉ
@artlu
another minimalist Mini App starter, this time with SIWF! If you're a FC dev, giving users access to their moneys via Mini Apps, good ๐Ÿ‘ ! Users should always own their moneys! but please protect it mi familia FOSS repo plz ๐Ÿค“ ๐Ÿ‘€ ๐Ÿ‘ฎ only uses hono + zod + viem no Optimism RPC! no Hubs! stateless JWT (future-ready for FC Auth addresses)
4 replies
4 recasts
19 reactions
artlu ๐ŸŽฉ pfp
artlu ๐ŸŽฉ
@artlu
I've deployed SIWF 10 different ways: with NextAuth, Remix, Lucia, Astro, Privy, Dynamic, @warpcastadmin.eth's frontend starter, Cloudflare Workers functions. Not a single one has been delightful. It is sooo uncomfortable to roll your own auth. And 3 weeks later you realize there was a better way. And if you relied on NextAuth, you might get a new CVE advisory every 4 months about how they left the barn door open. And guillermo rauch bashes everyone else for also shipping vulnerable frameworks. Releasing this package today as FOSS. The security pathways are super transparent, and I'm very open to suggested improvements and tee-heeing about any holes you find. I want Farcaster Mini Apps to have The. Best. Auth. huge h/t @limone.eth whose Next starter has the cleanest flow inside a framework I've seen. I took those clean paths, and maybe (?) reduced the surface area even more. This template has no real dependencies on Neynar (although it's super useful and a huge time-saver!), or other paid services.
2 replies
1 recast
12 reactions
artlu ๐ŸŽฉ pfp
artlu ๐ŸŽฉ
@artlu
gently placing this here for reference the F in FOSS stands for freedom
0 reply
0 recast
0 reaction
Kasra Rahjerdi pfp
Kasra Rahjerdi
@jc4p
hell yeah, this is the first one iโ€™ve seen that has SIWF!!!
1 reply
0 recast
3 reactions
Tony Dโ€™Addeo pfp
Tony Dโ€™Addeo
@deodad
just looked over the templateโ€”this is really nice! callout on storing the jwt in the sessionStorage: if a user signs out of Warpcast and signs back in as another user they could still be logged into the Mini App as the previous user. it looks like you automatically sign in on each mini app load which is great / the recommended approach so this will overwrite the previous session a security improvement would be to store the jwt in memory instead of session storage so it gets flushed when the app is closed the UX on web will suck for now but in < 1 month we should have silent and seamless SIWF everywhere and so getting a fresh session on each mini app load will still give excellent UX
2 replies
0 recast
1 reaction