Going from miniapp to full app is an eye watering amount of work to undertake.

Most builders will “skip” authentication by putting themselves in debt with a centralized product.

If you fumble this or can’t manage that vendor you’re not going to make it far in building other pieces.

OAuth 2.0 was a huge mistake and has set us back decades in internet and online economic freedom..

at some point “don’t roll your own crypto” got morphed alongside “don’t roll your own auth” which sucks cause one is really good and necessary until you need to implement SSO then it’s hell

i have a prototype of a simple auth server that handles SIWF (nonce + verification) and issues asymmetrically signed JWTs so they can be verified by anyone

it’s only dependency is an ETH_RPC_URL

planning on hosting a public version so mini apps can have a quick way to do auth. it’s not stateful so whenever they are ready they can migrate to their own instance or use it as a reference to roll something similar in their own server

Building @warpcast and @farcaster / dad / like to read, cook, ski, code

i have a prototype of a simple auth server that handles SIWF (nonce + verification) and issues asymmetrically signed JWTs so they can be verified by anyone

it’s only dependency is an ETH_RPC_URL

planning on hosting a public version so mini apps can have a quick way to do auth. it’s not stateful so whenever they are ready they can migrate to their own instance or use it as a reference to roll something similar in their own server

https://github.com/farcasterxyz/auth-server

Scaling down probably happens for larger reasons than product ones.