loon3 / Tokenly-Pockets

Digital Token Wallet powered by Bitcoin
GNU General Public License v3.0

Add "Click to Sign" variant of Click to Pay #22

Open AdamBLevine opened 9 years ago

AdamBLevine commented 9 years ago

It's time for us to integrate Bitcoin 2-factor authentication into Tokenly Accounts in the near future. It would be great if Pockets made this much easier for the user by providing a click-to-pay type experience and integration with this feature.

loon3 commented 9 years ago

Can you give me an example workflow?

AdamBLevine commented 9 years ago

Taking the address verifier at LTB as an example, a user is presented with a message they need to sign. The "Click to Sign" function should allow the wallet to detect the scheme and put a simple button near it. When clicked, the wallet should load a new tab; when a user unlocks the wallet, the message field and signing address are pre-populated. The user clicks "Sign" and then the simplest thing would be to copy the signed message to the clipboard.

This means the process is click - unlock - confirm info then sign & copy - paste - submit

Compared to the current workflow which is Copy Message - Open wallet - Unlock Wallet - Apps Tab - Sign Message Tab - Select Address - Paste Message - Sign & Copy - Paste - Submit

I'm open to suggestions about deeper integrations where the user just has to confirm and click rather than also having to paste the message. Onename is about to come out with an open source Chrome extension that allows users to click-to-login that uses signing and some sort of transmission mechanism, so it might be good to look at that. Frankly I really want to integrate into Onename's system; they're all open source and very collaborative. I think the work we're doing fits right in as another facet.

loon3 commented 9 years ago

If the implementation is meant to replicate the login security of a 2-factor auth, it doesn't make a lot of sense to use the "sign message" nomenclature, as it will be confusing to most users. A simpler approach would be for the Tokenly sign-in page to dynamically create a button that says 'Sign in with Pockets' (using the same method as the 'Pay with Pockets' button). The dynamically created button would contain a data attribute with the unique message to be signed. Once clicked, the wallet would sign the message using the private key corresponding to the public key associated with the account (after prompting the user for a PIN if the wallet is encrypted) and send the signature to the Tokenly server via JSON, which would then log the user into the account.

AdamBLevine commented 9 years ago

That makes sense to me, I actually sort of imagine we'd just have different buttons for different purposes. The ones that come to mind are "verify" and "login" which have different functions but would use the same mechanics in pretty much an identical way.