We currently use blockstack:
custom protocol handler to communicate between an app requesting user authentication and the authenticator tool that the user has selected. If you’ve installed Blockstack for macOS, Windows or Linux, the software installs the blockstack:
handler and redirects requests to a locally served copy of the Blockstack Browser typically running on http://localhost:8888
.
We attempt to detect if your computer supports the blockstack:
protocol handler and if it does not, direct you to the copy of the Blockstack Browser that we host at https://browser.blockstack.org.
Web browsers do not generally have support for detecting whether or not a user’s computer supports a given custom protocol handler. On Chrome, we use a library that detects some side effects of support for the protocol handler while on Firefox and Safari, users who haven’t installed Blockstack simply see errors such as the following:
This problem also existed on mobile devices, however, we worked around it by always redirecting mobile browsers to https://browser.blockstack.org.
On desktop, we have existing users whose apps would stop working without identity migration if we took a similar approach on desktop. We also have apps with users that would be uncomfortable storing their private keys on an origin that Blockstack PBC controls instead of one that they control.
This thread is meant to be a discussion around potential solutions to this problem.
Idea 1: Redirect except for whitelisted legacy apps
Create a whitelist consisting of existing apps in blockstack.js that would continue to have the current behavior. All other apps would redirect to https://browser.blockstack.org.
If a user wants to override this behavior, they can create a browser extension or separate browser app that intercepts this call and redirects it to their own authenticator.
Idea 2: User decides on first sign in
Add functionality to blockstack.js that creates a modal or popup on affected browsers that asks users if they’ve installed the native browser. If they have, use the custom protocol handler, if not redirect to https://browser.blockstack.org. Remember their choice in localstorage of the app.
Idea 3: Install web extension to keep using native
Modify blockstack.js to redirect all users to https://browser.blockstack.org. Offer a simple web extension that intercepts this request and redirects it to the localhost hosted versions for users that prefer to use that.
Please post your ideas and thoughts below!