anza-xyz / solana-pay

A new standard for decentralized payments.
https://solanapay.com
Apache License 2.0
1.32k stars 466 forks source link

[feature] NFC support #57

Open lukepuplett opened 2 years ago

lukepuplett commented 2 years ago

Hey all, Solana Pay looks really exciting, well done. Low-cost, low-friction IRL payments will solve a bunch of problems as we go fully cashless.

Firstly, is this the right place for this kind of question?

My question is around what's needed to build a contactless terminal for payments that feels to consumers like Apple Pay. Will wallet developers be encouraged to register the solana: scheme so that scanning a URL in an NFC tag launches the wallet? Has anyone experimented with this, yet?

The Chinese are apparently big users of QR codes but many other nations don't really get it (yet) but do understand contactless card, phone and wearables payments. It's also easier to just wave your phone over a pad and have it do the right thing.

Cheers!

jordaaash commented 2 years ago

Hey, great question. I think NFC support would totally be in scope. It would be killer to have native SDKs to make all of this easy for wallets and mobile apps.

Is this something you're familiar with the implementation of, or know someone who might be interested in working on this?

lukepuplett commented 2 years ago

That's great. So, I'm a developer but not an iOS or Android developer–I did make a Windows Phone 7 app but it's best if we never mention that ;)

My understanding is that on most (all?) common OSes, the scheme (prefix) of a URL can be registered with a handling application to create deep links. For example, mailto deep links to the default email app, which is why you can pop a mailto:some@address.com on a website and it becomes interactive.

So, in theory, a wallet app can register solana: and when such links are interacted with, the wallet app can pop open with the payment all setup and ready to send. Now, I'm not sure whether that also means solana: URLs embedded in web pages will become interactive, but I do think a URL as the payload in an NFC tag will launch the handling app.

https://developer.apple.com/documentation/xcode/defining-a-custom-url-scheme-for-your-app

All that's then needed is a rewritable NFC chip/thing connected via USB to a terminal. When payment is due, it writes the URL to the NFC and the customer can wave their phone over it.

My own immediate thought was to produce nice looking "tip jars" and charity donation "boxes" using the single-write NFC tokens you can buy for cheap. I'm going to test with the QR code this weekend. If I get it working I'd like to take the idea to my local hair salon. I haven't used cash for years and it's embarrassing because I can never tip them (it's an accounting nightmare for them to take a tip via card).

I'm almost 100% sure a normal http* URL in an NFC tag will open that web page, so at least the site code could process the requested URL, then return an embeded deep link in the page, which then opens the wallet.

https://takuma-kakehi.medium.com/bring-users-back-to-your-app-deep-linking-for-ios-5c57d8d85c2d

However, there is a security/UX concern. The handling app would have to take great care not to make it too easy to accidentally send money. Consider an attacker with a programmed NFC tag causing people's phones to trigger a payment. Obviously, the user would have to tap something to send, but I guess its feasible with billions of people that they could accidentally hit send while their phone is in their pocket. E.g. I could put tags in the seats of a busy buses.

Thanks!

jordaaash commented 2 years ago

The handling app would have to take great care not to make it too easy to accidentally send money. Consider an attacker with a programmed NFC tag causing people's phones to trigger a payment.

I think in this case the user would tap to see the payment request, and then slide to approve it with their wallet to sign and send it. Does that alleviate the security concern?

jordaaash commented 2 years ago

So, in theory, a wallet app can register solana: and when such links are interacted with, the wallet app can pop open with the payment all setup and ready to send.

FTX's app currently registers itself as a handler of solana: links. This could likely be used for testing -- if you install it and scan a Solana Pay QR code, it should prompt you to open it with FTX's Blockfolio app.

lukepuplett commented 2 years ago

Awesome. I will have a play this weekend and order some NFC tags for some experiments.

lukepuplett commented 2 years ago

For the benefit of those that don't have FTX installed, the QR code scanning works nicely. You can scan from the FTX app via the gear icon, or just point the iPhone camera at it and tap the "Open in FTX" label that hovers over it. This bodes well for an NFC tag, I think. I ordered some yesterday, they're cheap on Amazon, but I'm not sure on delivery time.

The Phantom wallet doesn't work as of 6 Feb. Its scanner is looking for a regular SOL address and it doesn't seem to register the solana: scheme so the iPhone camera app doesn't know what to do with the QR code.

The action for now, is to update the docs to remind wallet integrators to register the URL scheme in iOS or Android. Cheers.

jordaaash commented 2 years ago

The Phantom wallet doesn't work as of 6 Feb.

It's on their radar! Just didn't get in before their launch this week.

The action for now, is to update the docs to remind wallet integrators to register the URL scheme in iOS or Android.

~Good call out. A PR is very welcome if you have time!~

This was done in #60. Thanks @lukepuplett!

lukepuplett commented 2 years ago

Alright, so tonight I got an NFC tag to launch FTX with a prepared transaction!

My first attempts failed, both on iPhone and Android, but I have it working on my wife's iPhone X. This is surprising as I'd read that iOS was stricter with NFC and needed an appropriate app running, but perhaps the new Shortcuts means it's now always on (you can use NFC as a trigger for Shortcuts (macros)).

Android reads the tag but does not do anything, but I think that's just because the FTX app has not been updated yet; I tried the QR code on my Android and it also does nothing.

I used the NXP TagWriter app on my Android phone to first format and then write a "Link" with a custom URL. I think my first failed attempts were because I put something in the description field, or maybe choosing "Link" also adds some extra metadata, and perhaps I wrote it just as text last time, I can't remember.

This article may be useful to some.

https://learn.gototags.com/articles/how-to-read-nfc-tags-with-an-iphone-app-with-ios-11#:~:text=Only%20the%20iPhone%207%2C%20iPhone,6%20to%20read%20NFC%20tags.&text=An%20app%20is%20required%20to%20use%20the%20NFC%20SDK%20on%20iOS.

There were originally two taps required by the phone user; the phone presents a toast notification which when tapped presented another confirmation to open in FTX. This second dialog doesn't seem to pop up on subsequent tries.

I'm not sure that there's any reason to keep this issue open now. I'll be looking out for an update to FTX for Android and trying that as Android is the more popular OS (not amongst anyone I know, but apparently so).

I hope that's been useful for you all. There's a barber in my town and the boys there seem to be into their crypto, so I'll go and see if I can explain how they might setup a tip jar wallet and signage with a tag to scan.

jordaaash commented 2 years ago

Thanks so much for testing out. Besides what you added in #60, is there any guidance we should provide merchants and wallets with?

lukepuplett commented 2 years ago

It's so new. There's so much education to be done, even to trial something. I think a men's barber is a good vector because young men are more likely to know what FTX (or definitely Binance) is, and Solana. Seeing a Solana Pay tip jar will make sense to them. A charity box in a city gym might be another idea, or collection to sponsor a boxer in a boxing gym.

Right now, I'm guessing the Solana Pay and FTX logos, as well as the QR code and the NFC (wifi type) logo would all need displaying and the merchant would have to pick the right type of customer to have the conversation with, about what it is. Obviously, eventually it'll become normal.

There are two young guys in my town that run salons. Maybe they'll think I'm crazy. I don't know yet.

sailplaneTW commented 2 years ago

Hello We are RevtelTech ( https://www.revtel.tech/en ) , a tech company in Taiwan.

Our company do many NFC developing and research, like

  1. NFC cold wallet start-up : https://revteltech.pse.is/3wfdu3
  2. react-native-nfc-manager: we are the major maintainer https://github.com/revtel/react-native-nfc-manager
  3. sharing https://revteltech.pse.is/3v4ahm

Actually, both Android and iOS allow custom APP using NFC read/write function after 2019-end. NFC tag could also trigger some behavior (phone call, mail sending, web link opening, ...) directly without APP support.

These days we have developed some special product for connecting NFT and gift. Demo video : https://www.youtube.com/watch?v=Y9GMAg6yZcI I think it could be apply to payment scenario too.

If you need any technical consult or support, maybe we could share our resource and experiences