After creating my first blockstack identity the API returned no username in the beginning, now that somehow changed and I actually get my blockstack id as a username. I also saw that I can create identities which don’t have a username at all, so I need to consider that there will be users without blockstack.id using my app. Is it possible to use UserSession.getFile without a username to get files from another user? Maybe using the identity address?
(I’m actually planning to write a small smart EOS contract where user can “announce themselves”, so other users know from where to load files, in that registry I wanted to write the blockstack.id but I don’t necessarily get one, so now i’m thinking of using the identity address, but I’m not sure if it’s possible to do file lookups with that)
Ok, I just looked a little bit deeper into blockstack.js and it seems like that I can construct the correct urls which are needed for getFiles from the apps object which is part of the profile. The profileLookup which the username is needed for is exactly doing that. My only question is now if this URL is deterministic: https://github.com/blockstack/blockstack.js/blob/master/src/storage/index.ts#L70 ?
The URL to lookup other users’ data is deterministic, it is derived from the user root key and the domain name of the app. It can change if the user decided that the app key was compromised.
To lookup the profile you need the username (or you know the location of the profile, but that can change whenever the user wants)
Thanks a lot for your help, I think now I figured out, how to solve my problem. When the user authenticates first time, I’ll extract the public key from his private key and store it in my public “registry”:
Other users are then able to reconsruct it’s gaia url, which is all needed to load files, using:
const address = publicKeyToAddress(publicKey);
const gaiaUrl = "https://gaia.blockstack.org/hub/" + address; // don't hardcode the blockstack url like here
The only annoyance is that in blockstack.js almost every method is doing a profileLookup in the beginning, so I need to rewrite quite a few things for myself to bypass that and use the public key instead.
In my dreams the username parameter in all methods would be replaced with a public key parameter and then their would be one additional method to lookup the public key from a username for whoever needs it, but for that this feature request needs to be implemented first: https://github.com/blockstack/blockstack.js/issues/535
For now it would be great to have an alternative for these three:
@marie I see you’ve flagged this post for automatic deletion (presumably since you solved your problem). Mind if you leave it open, though, in case others have the same question?
I also endorse wholeheartedly the improvement of support for users without usernames. Thanks for flagging this with detailed info.
As an app developer I can’t rely on the fact that a user has a username as they are optional, so I would need to show users without a username some kind of alert that they are not allowed to use the app without creating a username, which is a bad user experience. The only way that this problem would be solved is that Blockstack makes usernames mandatory or at least create random usernames as soon as an identity is created, but I see why this might be a bad solution for the platform.
It would make things faster, right now blockstack.js is looking up users gaia addresses all the time. These lookups wouldn’t be necessary anymore as I can calculate the address directly from the public key.
Dealing with public keys seems a little bit more natural to me as I also can use them directly to encrypt files and to verify signatures.
Is there a strong use case for identities without usernames?
I don’t believe so. Usernames are meant to allow other users to discover your data, as well as any identity state (i.e. your public key and profile). If you do not want your data to be discovered by other users, you would not give it a username.
The app could hypothetically implement its own user-discovery mechanism internally, so users can discover each other’s keys and storage without registering usernames. But then, the users won’t own their identities anymore – the application would then be in the business of giving, managing, and revoking user IDs. The potential for abuse that comes with this is one of the “evils” we’re trying to avoid re-implementing.
As an app developer I can’t rely on the fact that a user has a username as they are optional, so I would need to show users without a username some kind of alert that they are not allowed to use the app without creating a username, which is a bad user experience.
Several prominent Blockstack apps today work just fine without usernames. They don’t need to nag the user about it as long as the user isn’t trying to “publish” anything – i.e. make data available that other users are expected to discover. The act of signing in without a username is akin to using the app anonymously, and IMO the app should convey this information to the user to set their expectations about the experience.