Proper Login Screen

[dergigi]

The HTTP Basic Authentication added in #75 was just a temporary solution to get the first version out the door.

We should probably implement a proper login screen just like RTL and others have it.

[editwentyone]

if we implement a proper login screen, do we then need individual passwords for each wallet inside?

[ghost]

Nope, this is independent from wallet passwords. UX wise it would stay the same as it is with the current Basic Authentication setup.

This would just be a screen that protects the app from unauthorized access. Everything to the right of he vertical line below would stay exactly the same as it is currently.

                           │
                           │
                           │
┌────────────────────┐     │      ┌─────────────────────────┐
│                    │     │      │                         │
│                    │     │      │                         │
│                    │     │      │                         │
│   Login Screen     │  ───┼───►  │     Wallets Screen      │ ────────► ...
│                    │     │      │                         │
│                    │     │      │                         │
└────────────────────┘     │      └─────────────────────────┘
                           │
                           │
                           │
                           │
                           │

[editwentyone]

then why bother? I mean you can't access the wallets tu unlock them. the only option you have is to create a new wallet (until now)

why bother the normal home user to enter passwords kind of twice plus all the confusion for the normies (even 3 times, if you go through umbrel login » apps)

[ghost]

Because some parts of the API (e.g. listing wallets, creating wallets) will be accessible for anyone on the internet otherwise. While, as you correctly said, funds won't be in danger since wallets are locked on Joinmarket level, imagine people harassing you by creating thousands of wallets on your node or inferring things about the way you use Joinmarket by looking at what/how many wallets you have. That's something we don't want.

We already have this flow in place. It uses HTTP Basic Authentication to implement the vertical line from the diagram. Basic Auth looks a bit old and dusted and there's no way for us to style it which is why we want to move towards an in-app login screen similar to what Thunderhub, RTL, etc. have.

[editwentyone]

got it, thanks for the explanation. will add a screen with login prompt. its just a password field isn't it?

[editwentyone]

I added a simple login screen and also a logout possibility on the settings screen

🎨 Figma Login
🎨 Figma Logout