Limit access to Posts and Pages based on user's Stacks wallet content (ex. STX, Fungible…
Stacks Access Plugin allows users to define which Posts or Pages have limited access based on user’s Hiro wallet contents (STX, NFTs, Fungible Tokens).
Ex. let’s say you own Crypto Ducks Club NFTs and want your blog content to be available only to other Crypto Ducks Club owners – with this plugin, you can do that.
Hiro Wallet only.
Short answer: no.
If a wallet is compatible with Stacks.js, then it should work.
Hiro Wallet is the de facto standard for Stacks 🤷
The ones that we would probably need for this to be 100% PHP based are:
Since none of the above is available at the moment, we’ve moved the required dependencies to a third party service that simply takes the signature and calculates Public Address used to sign it.
There’s no cost, because there’s no transaction involved.
Signing a secret phrase is the wallet’s built in functionality. It happens “locally” and is not published to the blockchain, therefore does not end up as a transaction.
We don’t need it and we don’t access it.
We need your wallet’s public address. To prove you OWN the address, we need you to use the wallet to sign a secret phrase for us (your wallet uses your private key to do it – the key never leaves your computer!).
Your wallet contents is publicly available information. If you know a wallet’s address, ex. ST24YYAWQ4DK4RKCKK1RP4PX0X5SCSXTWQXFGVCVY you can see it’s contents in blockchain explorer or via Stacks API – that’s how we determine if you own configured tokens.
If we (or ANYONE ELSE) ask you for your private key or seed/mnemonic phrase – THAT’S SOMETHING you should be worried about
It’s due to a bug in Hiro Wallet, see here.
Basically, when connecting Hiro Wallet for signing, the account selection screen sometimes makes no effect and your current account is selected.
Pay attention to account public address shown at the top of the screens to make sure you’re signing with desired account.
Otherwise – switch it in the wallet, before connecting (refresh the page to “disconnect” your wallet if needed, sometimes you may need to close your browser (clear session cookies))
Message signing (which we use to derive your wallet’s public address) is a relatively new feature in Hiro Wallet and Stacks itself and it’s been published prematurely 🙂
There are (were) problems with:
– message signing in a way that prevented users from deriving public address from signatures (see here, here and here)
– incompatible secp256k1 signature orders (vrs vs rsv) (see here)
The good thing is: it’s a known problem
The bad thing is: when it’s fixed, chances are our plugin will stop working until we make it compatible with the new versions of Hiro Wallet and Stacks.js