New features for developer - Use HIVE Onboard for your dApp

in #hiveonboard5 months ago (edited)

While pretty much destructive stuff is going on in the crypto-world right now - I have been very productive in the last few days and it's time to push things forward on HIVE!

In this episode, I wanna give you an update about new features which can be used right now for any dApp out there which wants to make use of the account creation service from @hiveonboard.

image.png

Rationale

The amount of dApps available on HIVE is growing fast and in most cases developer have to make a decision on how to handle account creation for new user.

This let me think, why should each dApp reinvent the wheel when it comes to on-boarding new user to HIVE, when @hiveonboard already can handle the job pretty well?

If you ask me, developer should always focus on their use case first and care about what brings value for their user-base. Don't spend your time on stuff, that has already been solved!


1. Redirecting to your dApp after account creation

image.png

If you don't wanna mess around with account creation yourself, feel free to send your new user to hiveonboard.com passing in your redirect_url as a query parameter.

  • Sample URL straight to Account Creation
    https://hiveonboard.com/create-account?redirect_url=https://hive.io/eco

  • Sample URL with URI-Encoding to Landing Page
    https://hiveonboard.com/?redirect_url=https://hive.io/eco

When a user successfully created his HIVE account, he will immediately send back to your dApp. In this case step 3 "Choose your dApp" will be skipped entirely.

For best user experience, try to redirect to your login page and make sure the user can get started at once.

Update:
@culgin brought up a scenario where a bad actor could use this feature to point user to a phishing website and do harm from there. In order to make user this cannot happen - I've just added a whitelist for authorized domains, which can make use of this feature. You can extent the URL with your path like /login or /signin as long as your URL starts with the value in the whitelist.

[
  "https://hive.blog",
  "https://peakd.com",
  "https://3speak.online",
  "https://splinterlands.io",
  "https://esteem.app",
  "https://stem.openhive.network",
  "https://steempress.io",
  "https://actifit.io",
  "https://dlease.io",
  "https://dblog.org",
  "https://brosgn.net",
  "https://brosinopoker.com"
]

If you run a dApp which isn't included in the whitelist right now, please contact @roomservice or do a pull request on the whitelist in the repo.


2. Use your own HIVE account to create user for your dApp

image.png

I've already covered how @hiveonboard solved the lack of ressource credits problem with help of a server-side software in this post about a week ago. This time we take the idea even further.

I was asked by a dApp developer if it would be possible to bypass the account ticket load-balancer and prioritize a specific creator-api instance when a user is going to create an account.

Sure - why not? So here we go!

In case you run a creator-api for your very own dApp account and at least one account creation ticket available, you could just add the creator query parameter.

  • Sample URL straight to Account Creation
    https://hiveonboard.com/create-account?creator=my-dapp

  • Sample URL with URI-Encoding to Landing Page
    https://hiveonboard.com/?creator=my-dapp

If a user creates an account on hiveonboard.com now - the new account will be created by @my-dapp in this case and will act as the recovery account until changed by the user. In most cases it would make perfect sense to add redirect_url query parameter as well.

As a friendly reminder - you can choose from two different repositories for the creator-api:
GitHub - original version with additional features by @fbslo
GitHub - light-weight version with only api-support by @roomservice

If you want to make use of this feature for your dApp, please contact @roomservice.


3. Bonus - Debug Mode for testing account creation flow

If you want to take advantage of those features or just wanna see how @hiveonboard works, you can now add the debug_mode query parameter and see how it goes, without actually creating an account and skip phone verification.

  • Sample URL straight to Account Creation
    https://hiveonboard.com/create-account?debug_mode=true

  • Sample URL with URI-Encoding to Landing Page
    https://hiveonboard.com/?debug_mode=true


As always, I would love to hear your feedback and want to thank for your ongoing support!

Account Creation reports moved to @hiveonboard-log

If you are interested in those new accounts who joined the HIVE using @hiveonboard you can always look them up in the daily reports created. This reports moved to the blog of the account @hiveonboard-log because most of you don't wanna get spammed when following this account.

Quick Side-Note

I'am currently running a proposal for a HIVE ad-campaign on BRAVE browser.

If you like my work on @hiveonboard you may consider taking a look at my proposal and maybe vote for it:
https://peakd.com/me/proposals/99

Yours,
@roomservice

Sort:  

Great work!

How can I report a security vulnerability in private? I have got a POC ready

Could we private on Discord? Just added a friend request over there.
Thanks!!!

It's fixed now - I've updated the post regarding this issue using the redirect_url.

Downside of this fix is, that dApp URL's have to be whitelisted in my repository now. But safety first!

It is always a struggle between user-friendliness and security, but I think it is certainly good to have users' security as a priority 😃

Great stuff @roomservice, I really hope this opens up the ability for tribes to now onboard I think it was a real sticking point! I cant wait to see the uptake from this

I have just added a link to this post in the STEMsocial app to-do list. When on-boarding features will be implemented (we have other top priorities at the moment), I will think about your service for sure!

[small upvote for visibility]

You could just add the link to
https://hiveonboard.com/create-account?redirect_url=https://stem.openhive.network/
right now.

Users will be redirected directly to STEMsocial app after account creation.

I put it on the to-do list, thanks! (I know it takes no time, but I have no time :D ).

I'll probably use this on my Dapp if I ever get anywhere with it.

Best of luck. Hope you make it happen. My app is just up in the noggin rn. Need to change that

@dapplr I'm sure you're aware of it, but want to make sure

I'd love to work with @dapplr but have no clue right now on their plans regarding account creation. In case someone from the team reads this let's get in touch.

Hi @roomservice

We were actually going to reach out to you. We will love to have this integrated. Keep doing the great work.

Awesome! You can reach me on Discord (roomservice#8215) whenever you are ready.

I guess dapplr will be a native app, maybe we can work on a even better solution for you together.

Sure, That would be great. We are building the application in Flutter - Dart.

Great job! I'm not ready yet to use it (still nowhere with my dapp) but bookmarked this post and will keep it in mind!

genius! Great work you're doing!

fantastic work! Exactly what's needed.

Congratulations @hiveonboard! You have completed the following achievement on the Hive blockchain and have been rewarded with new badge(s) :

You received more than 1250 upvotes. Your next target is to reach 1500 upvotes.

You can view your badges on your board and compare to others on the Ranking
If you no longer want to receive notifications, reply to this comment with the word STOP

Support the HiveBuzz project. Vote for our proposal!

I really hope developers start to use the available HIVE to build a really nice blockchain game that has a similar system to HIVE/STEEM in that the game itself would lock up coins to enable decentralized gamer development.

When I say blockchain game, I mean something epic and something worthy of gaining the attention of steam users!

Wow this is a great stuff, it will be super easy now to create new accounts for dApp users :)

Can we focus on onboarding some more cats? It's pretty lonely here.

Great move. The most important thing is making sure people easily create accounts and increase our mainstream appeal

Excelente!!! Buena iniciativa y buen trabajo

So much info... so little time. But it’s a three day weekend.

I must confess. This is a great move

This is actually good. I tried creating account for a friend and it was too annoying . Too many people creating. Then paying for accounts .i like the idea of the dummy account creation.. i respect your effort..

Excellent work. I have been trying to get more people into HIVE. It's a tough job. Having tools like this available is a great convenience. Thank you!

Already voted for your Brave ad campaign :-)

Thanks a lot!!!

Hope this works and brings good devs

Wow! I can hear the hive buzzing!

hey, i just read through the text on hiveonboard.com, on the third section it's this:

"We will suggest to HIVE frontends that you, the referrer, will gain 3% beneficiary rewards from post earnings of the referred account. Please beware that referred accounts could always change this setting on a frontend, since it's a totally optional."

Consider changing it to this... (most noobs don't know the word "frontend" plus there were some grammar errors and awkward sentences.)

"We are recommending that Hive sites give you, the referrer, a 3% beneficiary reward from the post earnings of your referral. Please be advised that your referrals can always change this setting on a Hive site, since it's totally optional."

Got it thanks!

other than that, it's great!!!! i wonder when referral will be rolled out? i see it's already live.....then we will need to do a video for sure!

Yeah it's already pretty much finished on @hiveonboard.

I'am working on draft, which describes the system in detail and will be introduced to the community soon.
It will be a open standard, so anyone is free to make use of it or not.

I would suggest to wait covering this topic for now until at least one hive dApp will integrate this feature. For now feel free to use the referral link yourself and get a feeling how it works - maybe call it beta-testing :)

ok great. I will wait til a dapp rolls it out.

here are my copy edit suggestions. The reason why i substituted "your referral" for "the created account" is because that language sounds very cold and sterile. It needs to be geared towards people.

referrrrral.png

on the third section it's this:

"We will suggest to HIVE frontends that you, the referrer, will gain 3% beneficiary rewards from post earnings of the referred account. Please beware that referred accounts could always change this setting on a frontend, since it's a totally optional."

Consider changing it to this... (most noobs don't know the word "frontend" plus there were some grammar errors and awkward sentences.)

"We are recommending that Hive sites give you, the referrer, a 3% beneficiary reward from the post earnings of your referral. Please be advised that your referrals can always change this setting on a Hive site, since it's totally optional."

Thanks, reworked the referral program part and pushed it to production.

thanks for doing that....my edits are just suggestions...

Great new feature. Well done.
@roomservice, I'd love to add Inkito to the whitelist if possible?

Sure!
Is this your URL? -> https://inkito.io

Yes thats the one. I tried the pull request but didn't have the permission. Thanks

Alright, just pushed a new build.
Redirect should work now for your dApp.

Hello @roomservice, Any chance to get my app Miniaturena whitelisted for this? The address https://miniaturena.com

Sure, got your pull request - gonna add it later today in production!

Done! Just added: https://d.tube

Currently they are stored for a limited amount of time to prevent abuse. Of course the data is not used for any other purpose than that. Bad actors could create endless fake accounts and would drain all those account tickets available.

If you have any suggestions how to work around this issue, which is not a paywall, let me know. I'am open for improvements to be made. I don't like the fact that I have to store the data myself...

One thing I consider for a week now is open it up for oauth provider like Google/Facebook/Twitter - but this could open gates for abuse as well...

Great suggestion, a shame I didn't came to this solution.

Will go for it this weekend - anyone can check the code on git when it's ready.
I'am also open for an audit if there are security concerns.

All phone numbers are purged from the db now and instead a SHA-256 hash is stored for each account created. Works like a charm!

Aye! I'am really thankful for those insights - which are really valuable for me.

Usually I don't need papers but a little kick into the right direction :)

Excellent idea to protect users' privacy