by whymarrh 1661 days ago
> Web3 is by far the easiest way to provide auth to a web app right now

Easiest by what measure? As I understand it, few browsers (read: only one or two) have built-in wallets and outside of that the UX for this auth isn’t great. It’s hard to see how this is better/easier to use than existing OIDC/"Sign In With X" solutions.


Click “Connect” and sign into MetaMask wallet.

Agreed, it’s much the same as OIDC.

Tho personally, beyond GitHub for dev related sites, I won’t use them.

If anything it enables “websites” to be simpler, smaller.

A UI atop a single function.

Without the bloat. Without the “we must do enough to show value to get users to sign up”.

I just auth, use it, and move on with my life.

Sometimes there’s a fee per use. Sometimes that value is exchanged somewhere else in the transaction. But either way, I got what I needed and I’m done.

Don't forget that it can also be revoked without any action required from the application itself.

Web3 is everything we wanted out of auth for the last decade or so.

And what does this revocation accomplish? The app still has your unique address. This revocation is simply "don't log me in next time." You still need to use the app to delete any data, if that's even possible (highly-dependent on the app). This is no different than going to your GitHub account (in the parent comment's example and revoking https://docs.github.com/en/authentication/keeping-your-accou...).

I don't disagree that having a keypair on the client for authentication is a cool idea, but it's hardly specific to "Web3" (e.g. https://developer.apple.com/documentation/authenticationserv...).

Only if the web3 app itself is entirely decentralized, doesn't implement any moderation, and never votes to change the above. I suspect they will quickly need moderation, and therefore it won't matter if your identity is irrevocable as the platform itself could easily block it.

I do see the value in being able to bring an identity around and store it in a blockchain, but... extreme fragmentation is a bummer.

So we're just gonna forget OpenID exists?