Content
@
https://opensea.io/collection/dev-21
0 reply
0 recast
2 reactions
Stephan
@stephancill
It is a bit baffling to me that devs are so willing to outsource key components of their app like auth to third parties that have 0 interoperability Rolling your own auth is not hard nor dangerous today - there are tons of frameworks that give you the exact same devex without the vendor lockin
7 replies
2 recasts
24 reactions
Andrei O.
@andrei0x309
Exactly, that's why I was so disappointed when I saw Warpcast using Privy for the wallet and other authentication needs. They already used a wallet library because you imported the private key, and on top of that, they added Privy. It looked super unprofessional. Warpcast's wallet should have been implemented with the internal wallet library they used. For me, this was akin to something like Facebook using Google authentication as their main implementation. Rule number one for any company that wants to be considered a social network: never use third-party authentication and security systems.
3 replies
0 recast
1 reaction
christopher
@christopher
It's only for managing the embedded wallet not authentication?
1 reply
0 recast
0 reaction
Andrei O.
@andrei0x309
I mean yes, but isn't any wallet action a authentification in a sense? That's what I meant, any signature is an authentification. The problem is that they already had a wallet library in the app, for being able to do signatures, so why add a third party provider? Why have two pieces of software doing same thing? Weren't they capable to use same library to make wallet? Any EVM library out there is capable to be a wallet, you just add the UI on top of it. So yeah IMO adding a third party provider was not justified, those should be reserved for small DApps, if you think you're big enough you roll your own infra when it comes to security.
1 reply
0 recast
1 reaction
