https://warpcast.com/~/channel/miniapps

artlu 🎩
@artlu
another minimalist Mini App starter, this time with SIWF!
If you're a FC dev, giving users access to their moneys via Mini Apps, good 👏 ! Users should always own their moneys!
but please protect it mi familia
FOSS repo plz 🤓 👀 👮
only uses hono + zod + viem
no Optimism RPC! no Hubs!
stateless JWT (future-ready for FC Auth addresses)
4 replies
5 recasts
20 reactions

Tony D’Addeo
@deodad
just looked over the template—this is really nice!
callout on storing the jwt in the sessionStorage: if a user signs out of Warpcast and signs back in as another user they could still be logged into the Mini App as the previous user.
it looks like you automatically sign in on each mini app load which is great / the recommended approach so this will overwrite the previous session
a security improvement would be to store the jwt in memory instead of session storage so it gets flushed when the app is closed
the UX on web will suck for now but in < 1 month we should have silent and seamless SIWF everywhere and so getting a fresh session on each mini app load will still give excellent UX
2 replies
0 recast
1 reaction

artlu 🎩
@artlu
tyty
sessionStorage is a compromise for now and I'm eager to see the new web experience!
does tying the token's id to the context-reported fid avoid accidentally logging someone in as their shared brand account (or as a secret alt)? that was a suggestion I saw somewhere else
2 replies
0 recast
1 reaction

Tony D’Addeo
@deodad
yup that'd work
not completely totally perfect since the unconscious assumption of a user would be if I log out of Warpcast I'd also be logged out of the Mini Apps and technically there'd be some authed state lying around
but in practice having your client code ignore this / start new session is sufficient for the time being / the majority of use cases
1 reply
0 recast
1 reaction

Tony D’Addeo
@deodad
something we might do is use this credentialless flag in the future on the iframe so that sessionStorage so that each session is forced to be incognito
https://developer.mozilla.org/en-US/docs/Web/Security/IFrame_credentialless
0 reply
0 recast
1 reaction
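
The two ideas discussed in this thread (keep the JWT in memory rather than sessionStorage, and tie the token to the context-reported fid), as an added example that is not code from the starter repo or from any participant. It assumes the server's JWT carries the fid in its `sub` claim; all function names are hypothetical.

```javascript
// Added example: in-memory session bound to the host-reported fid.
// Assumption: the server-issued JWT carries the Farcaster fid in `sub`.
// Client-side hygiene only; the server still verifies the signature on every request.

// Decode (NOT verify) the payload of a JWT. Returns null on malformed input.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
    return JSON.parse(atob(padded));
  } catch {
    return null;
  }
}

function createSessionStore() {
  let session = null; // lives only in this JS context; flushed when the app closes

  return {
    set(jwt) {
      const claims = decodeJwtPayload(jwt);
      if (!claims || claims.sub === undefined) throw new Error("malformed token");
      session = { jwt, fid: Number(claims.sub), exp: Number(claims.exp) };
    },
    // Hand out the token only if it belongs to the fid the host reports now
    // and has not expired (a missing `exp` is treated as expired).
    tokenFor(contextFid, nowSeconds = Math.floor(Date.now() / 1000)) {
      if (!session) return null;
      const stale = session.fid !== Number(contextFid) || !(session.exp > nowSeconds);
      if (stale) session = null; // drop it so the caller starts a fresh SIWF
      return session ? session.jwt : null;
    },
    clear() { session = null; },
  };
}

// Constructed, unsigned sample token so the example runs offline.
function makeSampleJwt(claims) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.sig`;
}
```

A `null` from `tokenFor` is the signal to run SIWF again and call `set` with the new token.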