Depends on #125. @fabien is documenting the environmental requirements for deployment.

Is there a way to reset the client secret key of an app which is created by myself ?

Right now I did not find any button or action to achieve the goal above. There is only a "revoke" button in the edit app page to revoke all users who use the app, but no place for the app creator to reset the client secret key ...

Please help. Many thanks.

https://v2.steemconnect.com/ doesnt seem to work on IE11, i got a blank page with the error:
Object doesn't support property or method 'assign'

How do I use steemconnect2 in react Native ?

Is it possible? Please let me know if you have any suggestions.

Feature Request:
Add an account selection interrupt within the authorization flow for signed in users

Use case:
A web app allows its users to authorize multiple steem accounts

Current behavior:
When user is redirected to https://steemconnect.com/oauth2/authorize..., if he/she is already logged the authentication flow silently proceeds and redirects back to the url specified in the redirect_uri parameter.

Expected behavior:
When user is redirected to https://steemconnect.com/oauth2/authorize..., if he/she is already logged into steemconnect, an interrupt would be displayed:

Clicking on switch account would immediately prompt the user to sign in

Hello,
I am developing a Rails app and want to integrate with steemconnect authenticaiton.
Can Devise and Steemconnect work together?

Hi,

I am getting the Authorization page:

But the logo seems not working, and instead of the app id, it would be great to have the App Name:

Can you help?

Thanks!

All assets that are required by steemconnect must be included in the repository and app bundle. No third party resources can be loaded.

Expected Result - Broadcast 'escrow_transfer'
Actual Result - General Error: 'Oops! Something went wrong!'

After trying many combinations of arguments I've have been unable to use the steemconnect sign function to successfully create a hot signing link (same result using web interface.)The error page has zero insight into what the issue might be.

Taking the following example can anyone spot if I am doing something obviously wrong. The same parameters work with the steem.js equivalent escrowtransfer() but fail for steemconnect.
via sdk -

          let params = {
            from: 'sambillingham',
            to: 'jeffbernst',
            sbd_amount: '0.000 SBD',
            steem_amount: '1.000 STEEM',
            escrow_id: 28760349,
            agent: 'cutemachine',
            fee: '1.000 STEEM',
            ratification_deadline: '2018-03-24T19:08:45',
            escrow_expiration: '2018-04-20T19:08:45',
            json_meta: JSON.stringify({terms: 'test'})
          }

          steemconnect.sign('escrow-transfer', params);

Try link as such
https://steemconnect.com/sign/escrow-transfer?from=seller&to=buyer&agent=agent&escrow_id=28760349&sbd_amount=0.000%20SBD&steem_amount=1.000%20STEEM&fee=1.000%20STEEM&ratification_deadline='2018-03-24T19%3A08%3A45'&escrow_expiration='2018-04-20T19%3A08%3A45'&json_meta='%7B%22terms%22%3A%20%22test%22%7D'

Always returns an error.

thanks.

Depends on #125

To complete the changeover of control of steemconnect, Steemit inc. will issue new credentials for the steemconnect account.

• @jredbeard sends @fabien the new public keys for steemconnect
• @fabien changes the authorities for steemconnect to the public keys specified by @jredbeard

The operation withdraw_vesting description indicate 2 years period for powering down. That's wrong, the period is now 13 weeks.

When I disconnect from steemconnect, then click on the login button on Busy or Utopian, I get connected to Account A

For example

I am logged in busy.org with Account A

I disconnect because I want to use Account B

Once disconnected I click on the "login" button on busy.org

But Account A is logged in steemconnect.com, then Account A is automatically choosen in order to use busy.org

Therefore, it is impossible to use Account B

I am using the authorize URL in Oauth2 protocol:

https://v2.steemconnect.com/oauth2/authorize?client_id=crowdini.app&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fauth%2Fsteemconnect%2Fcallback%3Freferring_id%3D&response_type=code&scope=vote%2Ccomment&state=5710294e8f887b8ef979d046783ca3fb1b25fd9db5fbfe6b

I know you need the exact URI in redirect_uri, to accept the call.

But it would be great for me to be able to pass variables like referring_id.

Could you make an improvement to accept variables in redirect_uri ?

Currently steemconnect.com's DNS is handled by Cloudflare.

To close this issue, set up new DNS record pointers in the zone file for steemconnect.com with Steemit Inc.'s domain registrar.

We should add a script to redirect iframe integration to full page.

To close this issue, leave a note here including information about the domain registrar and where the code for the registration change can be found.

I am trying to make login with Oauth2:

https://v2.steemconnect.com/api/oauth2/authorize?client_id=crowdini.app&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fauth%2Fsteemconnect%2Fcallback%3Freferring_id%3D&response_type=code&scope=vote%2Ccomment&state=5710294e8f887b8ef979d046783ca3fb1b25fd9db5fbfe6b

But I am having the following response:

{
error: "invalid_grant",
error_description: "The token has invalid role"
}

Have you an idea of what am I missing?

Thanks!

Allow app owner to recover app proxy account if the proxy account dont have posting authority delegated to it by another user.

Recently when i visited steemit's application steemconnect i discovered a vulnreability there .
When we specify an invalid scope then the authorize url redirects to the site mentioned in redirect_uri. So, attacker can create an app and use it as open redirector to redirect victims to fake sites.
eg. Attacker can host same phishing page and hack the victims.

If you are given link like :

https://steemconnect.com/authorize/@malicious.site?redirect_url=https://malicious.site

Here you ll be Asked For Private key and password when you put valid login you ll be redirected to malicious site.

The @variable and redirect_url are juts matched and redirects you to the site you provided .
steemit/condenser#1491 (comment)

We need to update moment dep when there is a patch available to solve nsp issue:

Today I tried to delegate some SP to another user. I entered this URL into my browser:

https://v2.steemconnect.com/sign/delegateVestingShares?delegator=magicmonk&delegatee=justyy&vesting_shares=1025010%20VESTS

After I pressed enter, the following screenshot came up.

I then clicked on Continue and entered my user name and password (same process as logging into Utopian). I used my private active key.

Then I got this screen.

Note: It is not because I didn't enter the correct key. Because if you don't enter the correct key, then this is the error message:

I have tried this in both Chrome and Internet Explorer. Either way, it will not let me delgate. The above screenshots were done in Chrome. In Internet Explorer, it won't even show the first screen (completely blank).

note: apps are already using steemconnect2 apis, so this transfer must preserve functionality of steemconnect at all times.

1. steemit to decide on new domain registrar
2. steemit to decide on new dns hosting
3. migrate/transfer domain
4. setup steemit dns hosting
5. setup new AWS account to host steemconnect
6. setup postgres RDS
7. setup beanstalk app
8. cycle @steemconnect user keys

The operation account_update is tricky, that can lead user to password change or any authority delegation. We should not permit this operation with single or multiple ops hot signing.

What I wanted
I wanted to send some SBD to an account via Busy.
(I'm making the issue here because the URL was steemjs.com when the problem happened.)

What happened
I've got an error message.

How to reproduce
Send integer SBD to an account.

(As a non-native speaker I don't know if it's the correct term for a number without decimal point. What is important here that try to send e.g. 1 SBD, not 1.000 SBD. You wouldn't have problem the latter, only with the former one.)

Hi,

I am making a kind of port of sc2-sdk to ruby, but I am blocked with vote operation.

I send a 'api/broadcast' POST with correct auth headers, but I cannot guess how I should send the payload.

Can you provide me an example of paiload for a broadcast vote api call ?

Would want to set account picture and banner.

And be able to use steem account as any other account.

nodemon should not be used in production.

I read this and this , I connect SC2 to my projects ,I login or logout with ST2 but how can I post share with python - django ? I dont understand that someone can help me ?

We should use modularized moment, now it's taking 200ko on the app.min.js file

Depends on #123, #124

Once Steemit, Inc. has specified the new domain registrar, @fabien et al. should transfer the steemconnect.com domain to that registrar.

From steemit/condenser#1492:

1. It uses Security.allowDomain("*") which is extreamly dangerous https://steemconnect.com/profile
   Security Impact of CORS Misconfig
   http://yassineaboukir.com/blog/security-impact-of-a-misconfigured-cors-implementation/

Currently regardless of what the error is, this gets shown:

Sadly most users are not technically versed enough to open their developer console to see the actual error. So we have many users who want to use steemconnect but get random errors we don't know about.

Is there a way to add the details in a hidden box or so that can be opened up?

I tried redirecting the powerdown SP from one of my accounts to another and entered the correct credentials, but the operation will not work. It gives the "Oops something went wrong" error message and no error log in the browser console.

I tested this on Chrome by using the https://steemconnect.com/sign/set_withdraw_vesting_route?from_account=[from_account]&to_account=[to_account]&percent=10000&auto_vest=false URL.

This does not work for anyone who tries it, hence it isn't an isolated issue.

Expected behavior

the scope for post or comment deletion should be delete_comment

Actual behavior

the scope for post or comment deletion is comment_delete (which generate an error when trying to delete a post or a comment)

How to reproduce

• get an access token via https://v2.steemconnect.com/oauth2/authorize?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&scope=comment_delete

• use the granted access token to perform a post or comment deletion:

steemconnectapi.broadcast([
      'comment_delete',
      {
        'author': author,
        'permlink': permlink
      }
    ])

• you'll get the error "invalid_scope The access_token scope does not allow the following operation(s): comment_delete"

• Browser: all
• Operating system: all

Hi This is @recrack. I follow the this article. (https://steemit.com/steemconnect/@noisy/how-to-configure-steemconnect-v2-and-use-it-with-your-application-how-it-works-and-how-it-is-different-from-v1) but steemconnect app is not create.

Step

1. https://v2.steemconnect.com/apps/create

2. Add App name -> [CREATE ACCOUNT] click
   

3. login
   but this error is came up.
   ![image](https://user-images.githubusercontent.com/329213/35561028-72584d10-05f2-11e8-8526-9e043b3ab364.png

Why this is not working. please check this issue.

steemit account : recrack

Test Browser

• Chrome
• Safari
• Internet Explorer

Hey!

I found a way through which a Hacker can hack one of steemit websites! Is their any bug Bounty program or Vulnerability reward policy? Through which i can report it to steemit? or Steemit team can contact me at
[email protected]

Hi Guys,

For a long time now I have realised some strange behaviour on SteemConnect when trying to revoke my token / logout.

When I am logged in into a service via SteemConnect, then logout and try to login again I am immediately logged in with the same account I used before. This is pretty nasty because it makes it really hard to change accounts on the same services.

The only solution I have found is to delete the cookies for steemconnect on my browser.
Is this an expected result ? If so, how are account changes meant to be done ?

Or does simply the token revoke endpoint not work correctly ?
(I have manually tested to revoke authorized apps on SteemConnect Dashboard and after that I was able to easily logout and login with another account)

Thanks for your help :)

Usually the header sent has this syntaxe:

Authorization: [Bearer|Basic] Token

There is currently no support for this syntaxe

Keep getting this error when updating a post even though no permlink has been changed, "equal( com.parent_permlink, o.parent_permlink ): The permlink of a comment cannot change."

I've visited SteemConnect and wanted to upload a new profile picture (my account is @tibonova at Steem).

I couldn't upload the picture, the process had stuck.
I couldn't change my info on Steemit either.
I had cleared my profile on SteemConnect, and I was able to change my profile on Steemit.

However, image uploading on SteemConnect still does the same (stuck).

OS: Ubuntu 14.04
Browser: Chromium v61.0.3163.100

The new environment will need to be able to deploy a complete instance of steemconnect. @fabien can you please document the requirements here? Database, etc.

People are often asking for help when a sign operation doesn't work.
Instead of asking multiple questions or ask the user to show us logs, ... it would be nicer to have access to a page that would display a report the user could give or send to the concerned party.

We could have a small text below the try again button like this

This would lead to a page displaying essential information for debugging

We could prepare a formatted page showing
1/ The url used (for example : /sign/vote?voter=ned&author=krnel&permlink=getting-too-personal-with-ai-assistants&weight=10000)
2/ The complete parameters and operations broadcast
3/ The full stack of the blockchain error

This page would display FAQ and documentations link first and then suggest where to send this report either to steemit support, a discord channel or open a github issue if the user is sure that it's a bug

Hi,

we are voting with our users credentials, and for some users we are experiencing this error:

401 Unauthorized: {"error":"invalid_grant","error_description":"The token has invalid role"}

Can you help how to understand this?

Thanks!

Is there any latest working example for trying out oauth2 using https://v2.steemconnect.com ?

i tried using example code here: https://steemit.com/tutorial/@krnel/tutorial-how-to-add-steemit-login-to-your-site-with-steemconnect which doesn't work anymore!!!

Followed instrcutions here using implict authorization link: https://github.com/steemit/sc2/wiki/OAuth-2
but not able to make it work. Can anyone help me here? Thanks in advance.

I am on https://steemconnect.com/developers and want to click on the download button for the

Steem Connect JavaScript SDK

but it gives me an :

https://raw.githubusercontent.com/adcpm/steemconnect/dev/dist/steemconnect.min.js

Hey there.
Please link at steemconnect.com to subdirectories / important sites like
Docs: https://v2.steemconnect.com/docs/steemjs or https://steemconnect.com/docs/steemjs
Dashboard (if logged in): https://steemconnect.com/dashboard
Login (if not logged in): https://steemconnect.com/login

Otherwise it's really hard to find these sites