Signer app for Steem
# Install dependencies
npm install
# Serve on localhost:8080
npm run serve
# Build for production
npm run build
# Build desktop apps
npm run build-electron
Signer app for Steem
Home Page: https://steemconnect.com
License: MIT License
Is there a way to reset the client secret key of an app which is created by myself ?
Right now I did not find any button or action to achieve the goal above. There is only a "revoke" button in the edit app page to revoke all users who use the app, but no place for the app creator to reset the client secret key ...
Please help. Many thanks.
https://v2.steemconnect.com/ doesnt seem to work on IE11, i got a blank page with the error:
Object doesn't support property or method 'assign'
How do I use steemconnect2 in react Native ?
Is it possible? Please let me know if you have any suggestions.
Feature Request:
Add an account selection interrupt within the authorization flow for signed in users
Use case:
A web app allows its users to authorize multiple steem accounts
Current behavior:
When user is redirected to https://steemconnect.com/oauth2/authorize...
, if he/she is already logged the authentication flow silently proceeds and redirects back to the url specified in the redirect_uri
parameter.
Expected behavior:
When user is redirected to https://steemconnect.com/oauth2/authorize...
, if he/she is already logged into steemconnect, an interrupt would be displayed:
Clicking on switch account
would immediately prompt the user to sign in
Hello,
I am developing a Rails app and want to integrate with steemconnect authenticaiton.
Can Devise and Steemconnect work together?
Expected Result - Broadcast 'escrow_transfer'
Actual Result - General Error: 'Oops! Something went wrong!'
After trying many combinations of arguments I've have been unable to use the steemconnect sign function to successfully create a hot signing link (same result using web interface.)The error page has zero insight into what the issue might be.
Taking the following example can anyone spot if I am doing something obviously wrong. The same parameters work with the steem.js equivalent escrowtransfer()
but fail for steemconnect.
via sdk -
let params = {
from: 'sambillingham',
to: 'jeffbernst',
sbd_amount: '0.000 SBD',
steem_amount: '1.000 STEEM',
escrow_id: 28760349,
agent: 'cutemachine',
fee: '1.000 STEEM',
ratification_deadline: '2018-03-24T19:08:45',
escrow_expiration: '2018-04-20T19:08:45',
json_meta: JSON.stringify({terms: 'test'})
}
steemconnect.sign('escrow-transfer', params);
Always returns an error.
thanks.
Depends on #125
To complete the changeover of control of steemconnect, Steemit inc. will issue new credentials for the steemconnect
account.
steemconnect
steemconnect
to the public keys specified by @jredbeardThe operation withdraw_vesting
description indicate 2 years period for powering down. That's wrong, the period is now 13 weeks.
When I disconnect from steemconnect, then click on the login button on Busy or Utopian, I get connected to Account A
For example
I am logged in busy.org with Account A
I disconnect because I want to use Account B
Once disconnected I click on the "login" button on busy.org
But Account A is logged in steemconnect.com, then Account A is automatically choosen in order to use busy.org
Therefore, it is impossible to use Account B
I am using the authorize URL in Oauth2 protocol:
https://v2.steemconnect.com/oauth2/authorize?client_id=crowdini.app&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fauth%2Fsteemconnect%2Fcallback%3Freferring_id%3D&response_type=code&scope=vote%2Ccomment&state=5710294e8f887b8ef979d046783ca3fb1b25fd9db5fbfe6b
I know you need the exact URI in redirect_uri
, to accept the call.
But it would be great for me to be able to pass variables like referring_id
.
Could you make an improvement to accept variables in redirect_uri ?
Currently steemconnect.com's DNS is handled by Cloudflare.
To close this issue, set up new DNS record pointers in the zone file for steemconnect.com with Steemit Inc.'s domain registrar.
We should add a script to redirect iframe integration to full page.
To close this issue, leave a note here including information about the domain registrar and where the code for the registration change can be found.
I am trying to make login with Oauth2:
https://v2.steemconnect.com/api/oauth2/authorize?client_id=crowdini.app&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fauth%2Fsteemconnect%2Fcallback%3Freferring_id%3D&response_type=code&scope=vote%2Ccomment&state=5710294e8f887b8ef979d046783ca3fb1b25fd9db5fbfe6b
But I am having the following response:
{
error: "invalid_grant",
error_description: "The token has invalid role"
}
Have you an idea of what am I missing?
Thanks!
Allow app owner to recover app proxy account if the proxy account dont have posting authority delegated to it by another user.
Recently when i visited steemit's application steemconnect i discovered a vulnreability there .
When we specify an invalid scope then the authorize url redirects to the site mentioned in redirect_uri. So, attacker can create an app and use it as open redirector to redirect victims to fake sites.
eg. Attacker can host same phishing page and hack the victims.
If you are given link like :
https://steemconnect.com/authorize/@malicious.site?redirect_url=https://malicious.site
Here you ll be Asked For Private key and password when you put valid login you ll be redirected to malicious site.
The @variable and redirect_url are juts matched and redirects you to the site you provided .
steemit/condenser#1491 (comment)
Today I tried to delegate some SP to another user. I entered this URL into my browser:
https://v2.steemconnect.com/sign/delegateVestingShares?delegator=magicmonk&delegatee=justyy&vesting_shares=1025010%20VESTS
After I pressed enter, the following screenshot came up.
I then clicked on Continue and entered my user name and password (same process as logging into Utopian). I used my private active key.
Then I got this screen.
Note: It is not because I didn't enter the correct key. Because if you don't enter the correct key, then this is the error message:
I have tried this in both Chrome and Internet Explorer. Either way, it will not let me delgate. The above screenshots were done in Chrome. In Internet Explorer, it won't even show the first screen (completely blank).
note: apps are already using steemconnect2 apis, so this transfer must preserve functionality of steemconnect at all times.
The operation account_update
is tricky, that can lead user to password change or any authority delegation. We should not permit this operation with single or multiple ops hot signing.
What I wanted
I wanted to send some SBD to an account via Busy.
(I'm making the issue here because the URL was steemjs.com when the problem happened.)
What happened
I've got an error message.
How to reproduce
Send integer SBD to an account.
(As a non-native speaker I don't know if it's the correct term for a number without decimal point. What is important here that try to send e.g. 1
SBD, not 1.000
SBD. You wouldn't have problem the latter, only with the former one.)
Hi,
I am making a kind of port of sc2-sdk to ruby, but I am blocked with vote operation.
I send a 'api/broadcast' POST with correct auth headers, but I cannot guess how I should send the payload.
Can you provide me an example of paiload for a broadcast vote api call ?
Would want to set account picture and banner.
And be able to use steem account as any other account.
nodemon should not be used in production.
We should use modularized moment
, now it's taking 200ko on the app.min.js file
From steemit/condenser#1492:
- It uses Security.allowDomain("*") which is extreamly dangerous https://steemconnect.com/profile
Security Impact of CORS Misconfig
http://yassineaboukir.com/blog/security-impact-of-a-misconfigured-cors-implementation/
Currently regardless of what the error is, this gets shown:
Sadly most users are not technically versed enough to open their developer console to see the actual error. So we have many users who want to use steemconnect but get random errors we don't know about.
Is there a way to add the details in a hidden box or so that can be opened up?
I tried redirecting the powerdown SP from one of my accounts to another and entered the correct credentials, but the operation will not work. It gives the "Oops something went wrong" error message and no error log in the browser console.
I tested this on Chrome by using the https://steemconnect.com/sign/set_withdraw_vesting_route?from_account=[from_account]&to_account=[to_account]&percent=10000&auto_vest=false URL.
This does not work for anyone who tries it, hence it isn't an isolated issue.
the scope for post or comment deletion should be delete_comment
the scope for post or comment deletion is comment_delete (which generate an error when trying to delete a post or a comment)
get an access token via https://v2.steemconnect.com/oauth2/authorize?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&scope=comment_delete
use the granted access token to perform a post or comment deletion:
steemconnectapi.broadcast([
'comment_delete',
{
'author': author,
'permlink': permlink
}
])
Hi This is @recrack. I follow the this article. (https://steemit.com/steemconnect/@noisy/how-to-configure-steemconnect-v2-and-use-it-with-your-application-how-it-works-and-how-it-is-different-from-v1) but steemconnect app is not create.
Step
login
but this error is came up.
![image](https://user-images.githubusercontent.com/329213/35561028-72584d10-05f2-11e8-8526-9e043b3ab364.png
Why this is not working. please check this issue.
steemit account : recrack
Test Browser
Hey!
I found a way through which a Hacker can hack one of steemit websites! Is their any bug Bounty program or Vulnerability reward policy? Through which i can report it to steemit? or Steemit team can contact me at
[email protected]
Hi Guys,
For a long time now I have realised some strange behaviour on SteemConnect when trying to revoke my token / logout.
When I am logged in into a service via SteemConnect, then logout and try to login again I am immediately logged in with the same account I used before. This is pretty nasty because it makes it really hard to change accounts on the same services.
The only solution I have found is to delete the cookies for steemconnect on my browser.
Is this an expected result ? If so, how are account changes meant to be done ?
Or does simply the token revoke endpoint not work correctly ?
(I have manually tested to revoke authorized apps on SteemConnect Dashboard and after that I was able to easily logout and login with another account)
Thanks for your help :)
Usually the header sent has this syntaxe:
Authorization: [Bearer|Basic] Token
There is currently no support for this syntaxe
Keep getting this error when updating a post even though no permlink has been changed, "equal( com.parent_permlink, o.parent_permlink ): The permlink of a comment cannot change."
I've visited SteemConnect and wanted to upload a new profile picture (my account is @tibonova at Steem).
I couldn't upload the picture, the process had stuck.
I couldn't change my info on Steemit either.
I had cleared my profile on SteemConnect, and I was able to change my profile on Steemit.
However, image uploading on SteemConnect still does the same (stuck).
OS: Ubuntu 14.04
Browser: Chromium v61.0.3163.100
The new environment will need to be able to deploy a complete instance of steemconnect. @fabien can you please document the requirements here? Database, etc.
People are often asking for help when a sign operation doesn't work.
Instead of asking multiple questions or ask the user to show us logs, ... it would be nicer to have access to a page that would display a report the user could give or send to the concerned party.
We could have a small text below the try again button
like this
This would lead to a page displaying essential information for debugging
We could prepare a formatted page showing
1/ The url used (for example : /sign/vote?voter=ned&author=krnel&permlink=getting-too-personal-with-ai-assistants&weight=10000
)
2/ The complete parameters and operations broadcast
3/ The full stack of the blockchain error
This page would display FAQ and documentations link first and then suggest where to send this report either to steemit support, a discord channel or open a github issue if the user is sure that it's a bug
Hi,
we are voting with our users credentials, and for some users we are experiencing this error:
401 Unauthorized: {"error":"invalid_grant","error_description":"The token has invalid role"}
Can you help how to understand this?
Thanks!
Is there any latest working example for trying out oauth2 using https://v2.steemconnect.com ?
i tried using example code here: https://steemit.com/tutorial/@krnel/tutorial-how-to-add-steemit-login-to-your-site-with-steemconnect which doesn't work anymore!!!
Followed instrcutions here using implict authorization link: https://github.com/steemit/sc2/wiki/OAuth-2
but not able to make it work. Can anyone help me here? Thanks in advance.
I am on https://steemconnect.com/developers and want to click on the download button for the
Steem Connect JavaScript SDK
but it gives me an :
https://raw.githubusercontent.com/adcpm/steemconnect/dev/dist/steemconnect.min.js
Hey there.
Please link at steemconnect.com to subdirectories / important sites like
Docs: https://v2.steemconnect.com/docs/steemjs or https://steemconnect.com/docs/steemjs
Dashboard (if logged in): https://steemconnect.com/dashboard
Login (if not logged in): https://steemconnect.com/login
Otherwise it's really hard to find these sites
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.