Allow to append role to username to avoid accidental logins with unintended role
Steemians have keys for authenticating as different roles on Steemit. SteemConnect allows Steemians to securely log into third-party sites without giving private keys to the owners of these sites.
On Steemit, a user can login with the username and one of the keys. The role is then determined based on the given key. However, users can also enter usernames in the form username/role, like for example snug/posting. When the username is given like this for login, the UI only accepts the key that corresponds with the given role, so in this example, Steemit only accepts my private posting key and rejects any other key. This feature helps to avoid accidental login with the wrong role, such as using the owner key when it was intended to login with the posting key. While this is just a UX tweak, I consider this a feature that affects the security of user accounts.
Since SteemConnect does not recognize the described format, I suggest that SteemConnect gets aligned with the Steemit behavior, so users can use the same way that they use on Steemit to login with SteemConnect.
Attachments
Posted on Utopian.io - Rewarding Open Source Contributors