Content
@
https://opensea.io/collection/dev-21
0 reply
0 recast
2 reactions
Stephan
@stephancill
It is a bit baffling to me that devs are so willing to outsource key components of their app like auth to third parties that have 0 interoperability Rolling your own auth is not hard nor dangerous today - there are tons of frameworks that give you the exact same devex without the vendor lockin
7 replies
2 recasts
24 reactions
Andrei O.
@andrei0x309
Exactly, that's why I was so disappointed when I saw Warpcast using Privy for the wallet and other authentication needs. They already used a wallet library because you imported the private key, and on top of that, they added Privy. It looked super unprofessional. Warpcast's wallet should have been implemented with the internal wallet library they used. For me, this was akin to something like Facebook using Google authentication as their main implementation. Rule number one for any company that wants to be considered a social network: never use third-party authentication and security systems.
3 replies
0 recast
1 reaction
Stephan
@stephancill
i think there is a credible argument to be made that they are focused on innovating on transaction ux, not wallet infra. the fid recovery flow would not work with EOAs, so privy's key sharding tech is a useful compliment i'm not aware of them using privy for authentication - can you share more?
2 replies
0 recast
0 reaction
Andrei O.
@andrei0x309
Is not used directly as auth, but is used as a part of warpcast wallet and mobile app, and I consider any tx a part of auth in Web3 world. There's no good argument of running both a wallet library and a third party provider of a wallet. Any good security practice would say is better to only run one infra for such things. The only thing I get from that that their either afraid of using the internal library or they wanted to rush things out anyway IMO no excuse, of course this is just my opinion, like you said being of the opinion that Warpcast should not invest time into making their own solution is valid, but like I said before for me is just unprofessional
1 reply
0 recast
0 reaction
Dan Romero
@dwr.eth
We don’t. We use Sign in with Farcaster.
1 reply
0 recast
2 reactions