For SPAs using a "Login with Blockstack" style button

“coretech-bart” wrote on Slack:

For SPAs using a “Login with Blockstack” style button, Is the expectation that all Users will run a personal blockstack server at a predefined URL? or is there a “best practice” for an app to discover the user’s preferred authentication/API/etc endpoints?

Still nailing down the exact strategy here but this is the current plan:

  • The SPA will check localhost to see if the user is running a Blockstack server.
  • If no user server is found, the SPA will redirect to a predefined URL like

Would love further input on this as it’s a delicate issue. There really isn’t a problem if the user is running a server locally but I’m not thrilled about having to redirect to a hardcoded URL if the user isn’t running a server yet.

I will point out that the server will run in the background and will be lightweight and will be installed easily by an app you can download.

Can we create a GitHub issue for this here

This is great for the subset of users who have the will and capability to run the server however, my expectation is that there exists a class of user that wants or needs to “outsource” trust in maintaining things like their bitcoin wallets. For these users, I would expect a number of middle-men, like the multitude of bitcoin web wallets, to appear and have distinct API endpoints.

It would be a shame if apps had to explicitly call out providers (through multiple “log in with …” buttons that are all backed by blockstack) they are aware of but, that may be more UX friendly than having the user manually type in their providers “discovery URL” to facilitate the exchanges. Maybe the best is a combo, where users are presented with the most common wallet providers if no local service is found the last of which is “other Blockstack ID provider” which allows manually typed URLs.

Yeah the only thing is it’s a rough user experience to say “Login with Blockstack” and then ask new users to pick a Blockstack provider/wallet when they don’t know what Blockstack is.

One option is to leave this up to the app developer. They drop in Blockstack.js and then they choose which Blockstack provider they want to redirect new users to.

Of course, all existing users will automatically be redirected to their existing provider, ideally hosted on localhost.

I fully agree. I hadn’t actually been considering an App’s responsibility to provide on-boarding for Blockstack as well as their offering and that may be an equally large concern.

The primary concern originally was seamless integration for users who already have a Blockstack ID (whether local or provided by a middle-man they trust) but are not currently users of the App. In this case, I don’t think an app can make this choice for the user. From the user’s point of view they have a Blockstack ID but it may not be automatically discover-able by the app unless they are running a local node.

I feel like the solution is pretty simple if the user already has a provider. There can be a protocol handler that can be dispatched to either the locally running node or a web provider that has subscribed to be the receiver of the protocol handler.

As an example, when you click a Bitcoin address link, if you already have a Bitcoin wallet the link will open with that wallet. This works with desktop wallets, mobile wallets, and web wallets like Coinbase alike.

Sounds good but needs to be concrete. It would need to be a standard protocol like blockstack: to facilitate interop between providers and apps. For future reference, where will best practices like this be specified in the future?