Domain Steem with JavaScript: Lesson #6 - Account Authorities
In this course we have learned to read and interpret blockchain information, to perform transactions, and to use an extension to execute transactions securely from our browser. For the last part of this course I want us to learn how to handle account authorities, so that students can build basic applications and correctly manage the use of private passwords in case they require it.
First, it is possible to grant other users permission to perform certain types of operations with your account; this is achieved with authorities. Imagine that you have a website that lets users schedule a publication to be published later at a certain time. As a developer you should never store other people's private keys, so what is the solution?
We know that the private posting key is necessary to publish, so we could ask the user for the authority to make posting transactions with their account. The user would give us permission using Steem Keychain, and once we have it we can use our own posting key to make transactions with this level of permissions on behalf of the user who has authorized us.
The user can revoke this permission at any time without having to change their passwords, so they avoid exposing their keys while still allowing other people to perform operations with their account safely.
How to grant/revoke permissions?
To teach you how to manage your permissions I have used the following HTML page with two forms: one that allows us to add permissions and a second that allows us to revoke them in the same way. All of this uses Steem Keychain, so your keys are never exposed.
It is a simple form that asks for the username, the account to which you will grant permissions, the type of permissions (Posting/Active) and the weight, for which 1 is usually enough. Using the method steem_keychain.requestAddAccountAuthority with these parameters we can add permissions for another Steem account. With the method steem_keychain.requestRemoveAccountAuthority we can remove these permissions, passing as parameters the user, the account to be removed, and the type of role (Posting/Active).
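The two calls described above, wrapped so that bad input is rejected before Keychain shows a popup. This is an added example, not the lesson's original form code; the helper names, the argument order (taken from the parameter list above, with the callback last) and the `success`/`message` response fields are assumptions.

```javascript
// Added example: the extension object is passed in as `keychain`
// (window.steem_keychain in the browser) so the logic can be exercised offline.
const ROLES = ['Posting', 'Active'];

// Throws synchronously, before any request reaches the extension.
function checkRequest(owner, delegate, role) {
  if (!owner || !delegate) throw new Error('both account names are required');
  if (owner === delegate) throw new Error('an account cannot authorize itself');
  if (!ROLES.includes(role)) throw new Error('role must be Posting or Active');
}

// Turns Keychain's callback style into a Promise.
// Assumed response shape: { success: boolean, message: string, ... }
function toPromise(invoke) {
  return new Promise((resolve, reject) => {
    invoke((response) => {
      if (response && response.success) resolve(response);
      else reject(new Error((response && response.message) || 'request rejected'));
    });
  });
}

// Grant `delegate` the given role on `owner`; the owner confirms in Keychain.
function grantAuthority(keychain, owner, delegate, role, weight = 1) {
  checkRequest(owner, delegate, role);
  if (!Number.isInteger(weight) || weight < 1) {
    throw new Error('weight must be a positive integer');
  }
  return toPromise((cb) =>
    keychain.requestAddAccountAuthority(owner, delegate, role, weight, cb));
}

// Revoke it again; no weight is needed to remove an entry.
function revokeAuthority(keychain, owner, delegate, role) {
  checkRequest(owner, delegate, role);
  return toPromise((cb) =>
    keychain.requestRemoveAccountAuthority(owner, delegate, role, cb));
}

// Browser usage (requires the extension and a user confirmation):
// grantAuthority(window.steem_keychain, 'eight888', 'steem-seven', 'Posting')
//   .then(() => console.log('granted'), (err) => console.error(err.message));
```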
We are going to use the account from previous lessons, @eight888, to authorize @steem-seven to perform Posting operations with this account.
If we check in our favorite block explorer we will see how the account has been updated and the permissions have been granted.
Now we are going to use our previous code for creating publications to make a test post with eight888. The funny thing is that we are not going to use the Posting key of this account; we will use the password of @steem-seven.
To use the authority you have been granted, just use your own password. In this case I configured the transaction so that the publication was published by eight888, but I used the Posting key of steem-seven. Because this key has the permissions I previously gave it, the publication was created without any problem, as if we had used the original password of this user.
Now we are going to remove the permissions for steem-seven, and we are going to try to create a publication in the same way.
Now we try to create the publication and we will see the following message:
As I am using the private key of steem-seven, the error message in this case says that we lack the necessary authority to perform Posting operations with eight888. This method allows us to authorize other people or revoke those permissions in a matter of seconds, so we can create interactive applications where users can perform different actions without having to expose their keys.
In this way you could create an application that requests the necessary permissions the first time a user enters, and then a system where the user simply logs in with their private password and the application verifies on the client side that this key is the correct one. You would keep the passwords of your users safe and could still perform the actions your application is intended for.
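What the block explorer shows after the grant, and why the post fails after the revoke, can be checked in code before an application tries to broadcast. This is an added example, not part of the original lesson: the function names are hypothetical, and the sample objects are constructed to mirror the authority fields (`weight_threshold`, `account_auths`, `key_auths`) of an account record as returned by an account lookup such as steem-js `getAccounts`, which is an assumption here.

```javascript
// Added example. Account JSON uses lowercase role names ('posting', 'active'),
// unlike the 'Posting'/'Active' labels shown in the form.
// Only direct account_auths entries are examined; combinations of several
// signers in a multi-signature setup are not evaluated.
function delegateStatus(account, delegate, role = 'posting') {
  const auth = account[role];
  if (!auth) throw new Error(`account has no ${role} authority field`);
  const entry = auth.account_auths.find(([name]) => name === delegate);
  if (!entry) return 'none';                 // broadcasting would fail
  // A weight below the threshold is listed but cannot act alone.
  return entry[1] >= auth.weight_threshold ? 'sufficient' : 'partial';
}

// List every account that holds authority, so stale grants can be revoked.
function auditDelegates(account) {
  const rows = [];
  for (const role of ['posting', 'active']) {
    const auth = account[role];
    if (!auth) continue;
    for (const [name, weight] of auth.account_auths) {
      rows.push({ role, name, weight, sufficient: weight >= auth.weight_threshold });
    }
  }
  return rows;
}

// Constructed samples (placeholder public key, not real chain data).
const ownKey = [['STM_PLACEHOLDER_PUBLIC_KEY', 1]];
const afterGrant = {
  name: 'eight888',
  posting: { weight_threshold: 1, account_auths: [['steem-seven', 1]], key_auths: ownKey },
  active: { weight_threshold: 1, account_auths: [], key_auths: ownKey },
};
const afterRevoke = {
  name: 'eight888',
  posting: { weight_threshold: 1, account_auths: [], key_auths: ownKey },
  active: { weight_threshold: 1, account_auths: [], key_auths: ownKey },
};
// Same grant on an account whose posting threshold is 2: weight 1 is not enough.
const highThreshold = {
  name: 'eight888',
  posting: { weight_threshold: 2, account_auths: [['steem-seven', 1]], key_auths: ownKey },
};

console.log(delegateStatus(afterGrant, 'steem-seven'));
console.log(delegateStatus(afterRevoke, 'steem-seven'));
console.log(auditDelegates(afterGrant));
```

Running `auditDelegates` on your own account periodically shows which applications still hold posting or active authority and can be removed.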
Homework
Present your final project to the entire community; it must fulfill at least one of the main functions that you proposed in your previous task. You must present your code in a [GitHub](https://github.com/) repository or another similar code management service. It will be evaluated according to the following criteria:
- Functionality (must fulfill its function) [5 PTS]
- Instructions to execute the project. [2 PTS]
- Creativity. [2 PTS]
- Good practices. (Good code, secure, no keys are exposed, etc.) [1 PTS]
If you need help when developing something specific, do not hesitate to contact me.
Rules
- The content must be #steemexclusive.
- The article must contain the tag #steemjs-s22w6.
- Plagiarism is not allowed.
- The link of your task must be added in the comments of this publication.
- The course will be open for 7 days from 00:00 UTC on January 20. After the deadline, users will be able to continue participating without applying for prizes, so that more people can take advantage of this content over time.
Much success. Every day your work, dedication and perseverance on the platform surprise me.
Thaaaanks!