Decentralized Google Login
Dear Hive Community ❗
Over the past few months, we've been working to bring our ideas for improving authorization on the Hive platform to life.
Our goal was simple: allow users to forget about keys and dedicated passwords, making their interactions with Hive tools as smooth and effortless as possible.
🤔 Decentralized and Google — something doesn't add up here
Most of us have a Google account and use it to sign in to various applications. So why not use it for Hive? Nothing new, you might say — several existing services already offer this option... But here's where we're different.
Our approach keeps everything client-side and preserves your privacy. While we allow you to associate your Google and Hive accounts, this information is stored only on your end. Neither we nor Google will know which Hive account you're using when you authorize with Google.
💡 How It Works
The core idea is to store your Hive credentials in encrypted form (inaccessible to Google or anyone else) on Google Drive. This allows you to access your credentials automatically after signing in to your Google account on any device. No more storing keys in multiple places ❗❗
Why can't Google read your data? Because during setup, we ask you to create a password that encrypts your data before it's sent to Google Drive. This password is used only by the client-side code — we never see it either. As always, we recommend saving this password in a secure location, as you'll need it once on each new device to decrypt the data stored on Google Drive.
Once setup is complete on your device, our login component saves an encryption key derived from your password in your browser's local storage. After that, you won't need to enter your password again — Google authorization alone will be sufficient.
🔐 What if someone accesses my wallet data on Google Drive?
No one can — not even you. That's right: only our application can access the files it saves to your Google Drive.
To achieve this additional layer of security, we've used a dedicated feature offered by the Google Drive API: Storing Application-Specific Data. This means our app can't access other parts of your Drive, and you can't directly access the file we store there. Why is this secure? Because our application must identify itself to Google (during your authentication) using a secret key known only to that specific application deployment. This variable exists only on the server side.
To fully access your keys, the following steps are required:
Authenticate with your Google Account (client-side), using the standard Google OAuth redirect flow. You'll need to complete the setup process, authorize integration with our website, and grant Drive access.
Server-side token extension: Once the initial Google authentication is complete, the application redirects to our server to extend the session token with support for the Google Drive API mentioned above.
Receive the final session token: The token is sent back to the client side to access the file stored on Google Drive.
Decrypt your data: If data already exists on Drive and you have the encryption key stored on your device, the file content will be decrypted automatically. Otherwise, you'll be prompted for your password.
Use your unlocked keys: Now you can use them to sign transactions. As with all our tools, you cannot access private keys directly — this prevents leaks. You can only use them for operations like encrypting data or signing transactions.
You can try this wallet yourself — it's available on our Web Components testing playground: Hive Bridge. Choose Connect your wallet and select Google Drive based implementation:
I hope it will be also available at our Denser deployment (together with all other login providers) soon, to make it available for regular blog users.
Make sure you've already stored your keys in a safe place — our tool only allows you to use them securely.
⚙️ For Developers
This implementation is available as a reusable package that implements the Wax ISignatureProvider interface, so it can easily be used for signing if you've already adopted our earlier implementations like the MetaMask or Keychain signature providers.
For an integration example, check out our testing implementation in the Hive Bridge source code.
We hope this solution represents a small innovation. It's also a step toward direct social login (our package is designed to support multiple cloud storage implementations, not just Google Drive), including Hive account creation.
Thank you for reading. We look forward to your feedback and hope these tools prove useful.
thebeedevs Team
Thebeedevs keeps impressing me. Saw u guys first in this year's hivefest presentation (on utube).
Awesome 👍 information,let me check it out @thebeedevs
Gracias por la información 🍃
This sounds interesting. I'll have to read up on it to understand it properly.
I'm getting a weird error... Maybe someone smarter than me can shed some light.
I am sorry - I a little missed the url: actual one is https://auth.dev.openhive.network
Interesting encryption on keys from hive
Security of the token to decrypt the Drive file is paramount in this process
Very cool. Definitely earned my follow for this one. Ive gotta dig into more of what youre doing over there 👏🏾
Congratulations @thebeedevs! Your post has been a top performer on the Hive blockchain and you have been rewarded with this rare badge
You can view your badges on your board and compare yourself to others in the Ranking
If you no longer want to receive notifications, reply to this comment with the word
STOP