Announcing Signup.cash, empowering web based DApp ecosystem in Bitcoin Cash

20 1141
Avatar for p0oker
Written by
4 years ago

Link to the article in: Japanese

Web is eating the world, but our community is not getting its fair share. Most web developers in the world do not understand how blockchain works and are not convinced that it might worth the learning curve. But maybe they don't need to learn anything new to use it! That's what Signup is trying to do. In this concise article I will try to go through my motivation for creating Signup, how it works and what goals this project is willing to accomplish.

Problem(s)

Building web apps for Bitcoin cash is not as easy as we wish it to be. Libraries like Bitbox and SLPjs provided access to APIs for broadcasting transactions and utility functions to sign them. They are pretty good, however, three problems are still prevalent.

  1. How to make users trust us with their private key?

  2. How to build BCH transactions? Can't we just ask for specific amount?

  3. How to store data and build social apps? memo protocol is there but everything is closed sourced!

What is Signup?

Signup is a non-custodial platform as a service for developers to build BCH decentralized apps. The core elements of the Signup consist of:

Key Signing Hub: A non-custodial wallet on your browser to work like a hardware wallet, requesting for consent from the user and signing transactions.

Framework: Utility functions and easy to use API for developers to request users for different type of transactions without exposing the technical side of building a transaction on the blockchain.

Infrastructure: Providing all the infrastructure needs of any type of decentralized app for developers so they can focus on building amazing user experience for their users.

How it works for users?

Signup is a universal login like Facebook Login buttons. As a user, in every website you visit you can login to your Signup wallet and be identified using your unique Cash Account. If you are not familiar with Cash Account, it's a specification for a human readable account name that is directly connected to your BCH address (Credit to Jonathan Silverblood).

The web app you logged in can request you for different types of transactions (payment, storing data etc) and you get to choose to accept or deny it. Those web app you log in, would never have access to your private keys and there is no need for a browser extension to be installed.

Upon using any web app that uses Signup technology, the first time you will be asked to create a wallet that comes with a free Cash Account username.

After you're Signed up! You can use any web apps to interact with blockchain. This is how it looks like in a third party web app:

Try it out yourself! (report bugs if you found them 🤔)

In the example above, the website you clicked the button has no access to your private key or identity, however, it can log you in and recognize you with your unique cash account and BCH address.

For the most basic type of transaction, meaning a tip button it is similar to this:

Try it out yourself! (report bugs if you found them 🤔)

As you can see developers are totally in control of the experience of the app and are not limited to a set of predefined buttons and components. However, the consent popup in the bottom of the page is always gate-keeping your rights to make sure no transaction happens without your approval.

How it works for developers?

Developers can just use it right away without any registration or API keys. An authentication is as simple as this:

const signup = new SignupCash();
const user = await signup.cash.authenticate();

const { cashAccount, bchAddress } = user.getIdentity();

Requesting your web app's users for a payment would be as simple as this:

const signup = new SignupCash({addr: "DEVELOPER BCH ADDRESS"});
const user = await signup.cash.authenticate();

const { txId } = await user.pay(1000, 'SAT');

After user finished the payment, transaction ID will be returned in the example above.

You can visit our official docs or check out the Github repository for the fully functional example codes above.

Roadmap

  • SLP tokens support

  • Memo Protocol Integration (enabling building social media apps)

  • Signup key-signer app (keeping the custody of your private key on your phone)

  • IPFS infrastructure for Signup Storage (TBA)

  • Anonymized Analytics dashboard for developers

  • What else you need? Let us know!

What we believe in

  • Open source everything!

  • Everyone should be able to join and contribute

  • Make it damned easy!

  • Focus on the business use cases rather than fancy tech

  • Micro payments are the future

  • Bitcoin is pro business, so we are!

Get involved

Many features are still in progress and there is lots of work to do. Join our Telegram group and say Hi! Want to checkout Signup's code base and learn what we open sourced? Check out the Signup organization page in Github. Also feel free to follow me in Twitter for getting a hang of future updates.

Sponsorship or Investment?

Signup is a self funded project, in case you like the idea and are interested to help the project financially, drop me a line at p0oker@pm.me or DM me in Twitter.

8
$ 15.03
$ 5.00 from @jan
$ 2.00 from @Read.Cash
$ 2.00 from @Cain
+ 13
Sponsors of p0oker
empty
empty
empty
Avatar for p0oker
Written by
4 years ago

Comments

Nice project bro, i hope you can get success

$ 0.00
4 years ago

Best of luck on the new project!

$ 0.00
4 years ago

We like this project a lot! Kudos! Super-cool! One thing that would be really useful for sites like read.cash is send-to-many. i.e. request one transaction that sends specific amounts to certain addresses, like "500 sats to bitcoincash:pzr123456, 600 sats to bitcoincash:ppj567890" (that's how our affiliate program works). Sad to see that you need to set Brave shields down. Hopefully, that gets resolved some way. Kudos!

$ 0.00
4 years ago

Thank you so much! I think pay to many is very much a good addition, I will look into it.

About Brave and some other browsers I still have some problems but I'm already half way to fix it. Hopefully a 100% browser support would be possible soon.

$ 0.00
4 years ago

What we believe in Open source everything!

Everyone should be able to join and contribute

Make it damned easy!

Focus on the business use cases rather than fancy tech

Micro payments are the future

Bitcoin is pro business, so we are!

With all that you got my vote

$ 0.00
4 years ago

Thanks, it's not how Signup is doing it but definitely stupid to patent something so common. Cash ID protocol uses same mechanism and before that it was Bit ID which is provably created 6 years ago:

https://github.com/bitid/bitid

$ 0.50
4 years ago

patents suck 🤬

$ 0.00
4 years ago

Patents are the statist way to force socialism on the economy - they are a form of oppression and terror.

$ 0.00
4 years ago

Signup is a universal login like Facebook Login buttons.

so you don't need Badger to use BCH dapps? is that the idea? if so, i think that's great, but still a pain in the ass to secure the seed phrases .. is there any alternative?

sent a tip 😉

edit: also, got this error in Brave

$ 0.00
4 years ago

I made a guide for how to make it work in Brave. It's in the Learn more of the error you put up there as well:

https://www.notion.so/p0oker/Brave-Browser-8bac6fa4862a4460ae1db82d385fcc9e

$ 0.00
4 years ago

"Shields DOWN" .. didn't even know I had shields; now that I do; I can't imagine turning them DOWN 😳

Chrome works quite well for now 😉

$ 0.00
4 years ago

Haha yeah, I'm working on fixes for these issues. It's basically allowing third party websites to set cookie for you. ad networks use it to track users to show them personalized ads. bad for privacy but it's not gonna make you get hacked!

$ 0.00
4 years ago

Seed phrases are stored in a central hub on secure.signup.cash. Other web apps use a sandboxed iframe to message pass to this window and request for transactions. Everything is signed and broadcasted in the hub so apps don't have access to it.

The security of the central hub is taken seriously to the extent that I didn't use any dependency or framework for that to make sure the code is safe and auditable (however still require testing & review)

Thanks for the report, 100% browser compatibility will achieve with the signer app.

$ 0.00
4 years ago

Seed phrases are stored in a central hub on secure.signup.cash. Other web apps use a sandboxed iframe to message pass to this window and request for transactions.

got it!

however, users will still need to secure (backup) their seed phrases, in the event that localStorage or cookies are cleared; that's what I meant

The security of the central hub is taken seriously to the extent that I didn't use any dependency or framework

all sounds good to me 👍

$ 0.00
4 years ago

Seed phrases are stored in a central hub on secure.signup.cash

I must be misunderstanding something or you are talking of some other seed phrase - not user seed phrase? User seed phrase is stored in the browser, not on a central hub.

$ 0.00
User's avatar jan
4 years ago

My bad on explaining it in a confusing way. Yes I'm talking about user seed phrases, let me give you an example.

Let's say David has a website called david-store.com and wants to use Signup for payments. His website will use Signup but seed phrases are not stored under david-store.com local storage, it is stored under secure.signup.cash local storage. That's why I call it a central hub.

What's the difference? David in this scenario cannot write malicious script to steal user's seed phrases and send it to his servers. Because he doesn't have access to the local storage of the secure.signup.cash. All he can do is sending messages to the central hub and ask for requests. Central hub shows a consent window to the user (inside david's website) and process the transaction upon approval. It's still all stored and signed in the browser but with isolating the key signer from web apps we ensure security and lower level of complexity.

$ 0.50
4 years ago

Thanks for giving a detailed response. I am relieved :) Isn't there a better name for this, i.e. scope? The security is enforced by the browser, certainly not by a central "hub".

$ 0.10
User's avatar jan
4 years ago

Welcome, I call it a central hub because all the web apps using Signup, send request to one subdomain for their transactions, but it's still non-custodial.

It's just a name, as long as we know what we are talking about it should be fine.

$ 0.00
4 years ago