Flow V3.x.x: Enhanced Authentication & Authorization

by Alex Johnson

Introduction

This article dives deep into the exciting updates coming in Flow's v3.x.x release, focusing on the modernization and unification of the authentication and authorization user interface and user experience across both mobile and extension platforms. This update doesn't change the core mechanics of connecting, authenticating, and authorizing actions with apps. Instead, it delivers significant visual and structural improvements. The primary functional addition is the integration of a new Blockaid warning module, providing dynamic threat detection and warnings. This article will provide a detailed overview of the changes, goals, user stories, and UI/UX enhancements included in this release.

Understanding the Need for Updated Authentication and Authorization

In today's digital landscape, where blockchain technology is rapidly evolving, authentication and authorization play pivotal roles in ensuring secure and seamless user experiences. For platforms like Flow, which are designed to handle a variety of applications ranging from decentralized finance (DeFi) to non-fungible tokens (NFTs), a robust and intuitive authentication and authorization system is paramount. With the growing number of users interacting with blockchain applications on different devices, it became essential to unify the user experience across mobile and extension platforms. This not only simplifies the user journey but also enhances security by providing a consistent interface that users can trust.

The Challenges of Current Systems

Previously, the authentication and authorization processes on Flow had inconsistencies between mobile and extension platforms. This fragmentation could lead to user confusion and potential security vulnerabilities. For instance, a user accustomed to the mobile interface might find the extension interface unfamiliar, leading to uncertainty and errors. Moreover, as the complexity of blockchain interactions increases, users need more context about the actions they are approving. This includes understanding the implications of signing a transaction or connecting to a new application. Addressing these challenges required a comprehensive overhaul of the UI/UX, ensuring that every user interaction is clear, secure, and consistent.

The Solution: A Unified and Modernized Approach

The Flow v3.x.x release directly tackles these challenges by introducing a modernized and unified UI/UX for authentication and authorization. This means that whether a user is interacting with a decentralized application (dApp) on their mobile device or through a browser extension, the experience will be consistent and intuitive. This consistency reduces the cognitive load on users, making it easier for them to understand and manage their interactions with the blockchain. By standardizing the authentication and authorization flows, Flow is not only enhancing usability but also strengthening the security posture of the platform. This unified approach ensures that users can confidently interact with the Flow blockchain, knowing that they have the tools and information they need to make informed decisions.

Overview of v3.x.x Authentication and Authorization Updates

Key Focus: Modernization and Unification

The core objective of this release is to modernize and unify the authentication and authorization UI/UX across both mobile and extension platforms. This means a consistent look and feel, regardless of whether a user is interacting via a mobile app or a browser extension. The underlying mechanics of connecting, authenticating, and authorizing actions with applications remain the same, ensuring backward compatibility and stability. The focus is purely on visual and structural enhancements to improve the user experience.

Introduction of the Blockaid Warning Module

A significant addition in this release is the new Blockaid warning module. This module is designed to enhance security by dynamically flagging potential threats. It appears at the bottom of every authentication or authorization screen, providing real-time warnings about potential risks. The Blockaid module is capable of detecting various threats, including:

  • Interactions with known malicious accounts
  • Interactions with known malicious smart contracts
  • Suspicious or deceptive request patterns
  • Other threat types that Blockaid may detect over time

By providing these warnings, Blockaid helps users make informed decisions and avoid potentially harmful interactions within the Flow ecosystem.

Updated Surfaces

The v3.x.x release updates the UI for the following five key surfaces, ensuring a consistent and secure experience across the board:

  1. Send NFT summary page (user-initiated send): Provides a clear overview when a user initiates a transaction to send a non-fungible token (NFT).
  2. Send fungible token summary page (user-initiated send): Offers a detailed summary when a user sends fungible tokens, such as FUSD.
  3. Authentication page when connecting to a Cadence or EVM app: Displays a standardized interface when a user connects their wallet to a Cadence or Ethereum Virtual Machine (EVM) application.
  4. Authorization page when signing a Cadence transaction: Presents a clear summary of the transaction details before the user approves it.
  5. Authorization page when signing an EVM transaction: Similar to Cadence transactions, this page provides a detailed overview before authorizing an EVM transaction.

The Significance of these Updates

This release marks a significant step forward in enhancing the security and usability of the Flow platform. By bringing all authentication surfaces to a consistent standard and introducing dynamic safety warnings via Blockaid, Flow is ensuring that users have a safe and intuitive experience when interacting with dApps and the blockchain. These updates not only improve the current user experience but also lay the groundwork for future enhancements and features.

Goals and Success Criteria

Primary Goals

The v3.x.x release has several key goals aimed at improving the user experience and security of the Flow platform. These goals are centered around providing a secure and comprehensible authentication and authorization process for users. The primary objectives include:

  1. Secure and Comprehensible Flows: The most crucial goal is to provide authentication and authorization flows that are both secure and easy to understand. Users should be able to confidently interact with applications, knowing that their assets and data are protected. This involves designing interfaces that clearly communicate the actions being authorized and the potential risks involved. The use of the Blockaid warning module is a significant step in this direction, providing real-time feedback on potential threats.
  2. Sufficient Context for Users: Ensuring users have sufficient context about what they are approving is vital. This means presenting clear and concise summaries of transactions, permissions, and potential impacts. By giving users the information they need, Flow empowers them to make informed decisions and avoid unintended consequences. This goal is achieved through detailed transaction summaries, clear permission requests, and intuitive UI elements that highlight key information.
  3. Standardized Authentication UX: The standardization of the authentication user experience across mobile and extension platforms is a core objective. This consistency helps users feel more comfortable and confident when interacting with the Flow ecosystem, regardless of the device they are using. A unified UX reduces confusion and makes it easier for users to navigate different applications and services within the Flow ecosystem.

Anti-Goals

It's also important to define what this release is not intended to do. This helps to set expectations and maintain focus. The primary anti-goal for v3.x.x is:

  • No Changes to Underlying Mechanics: This release is strictly focused on UI/UX improvements. It does not change the fundamental authentication or authorization mechanics. This means that the core security protocols and transaction processing logic remain unchanged, ensuring stability and backward compatibility. The focus is solely on making the existing system more user-friendly and secure through visual and structural enhancements.

Success Metrics

To measure the success of the v3.x.x release, specific metrics have been identified. These metrics provide a quantitative measure of how well the goals are being achieved. The key success metric is:

  • Successful Authentication and Authorization Rate: A critical metric for assessing the success of the updated flows is the percentage of users who can successfully authenticate and authorize actions. The target is set at ≥ 99%, indicating a high level of usability and reliability. This metric will be closely monitored after the release to ensure that the new UI/UX is performing as expected and that users are not encountering significant issues.

The Importance of Achieving these Goals

Achieving these goals is crucial for the long-term success of the Flow platform. By providing a secure, intuitive, and consistent user experience, Flow can attract and retain a broader user base. This, in turn, can drive increased adoption of the platform and its applications. A focus on usability and security is essential for building trust within the community and ensuring the continued growth of the Flow ecosystem. The success of v3.x.x will pave the way for future enhancements and innovations on the platform.

User Stories

To further illustrate the impact of the v3.x.x release, let's examine specific user stories that highlight the key improvements and benefits. These user stories are designed to capture the perspectives and needs of different users interacting with the Flow platform.

| ID | Feature | Description |
| --- | --- | --- |
| US3.10-1 | Connect Wallet | As a user, I want a clear dialog when an app requests access so I know what I’m granting. |
| US3.10-2 | Select Account to Connect | As a user with multiple accounts, I want to choose the account that holds the assets I intend to use in the app. |
| US3.10-3 | Sign Cadence or EVM Transaction | As a user, I want to see a clear summary of a transaction before I approve it so I understand what will happen. |
| US3.10-4 | Blockaid Threat Warnings | As a user, I want to be warned when Blockaid detects that I might be interacting with a malicious account, contract, or other suspicious state. |
| US3.10-5 | In-App Send Summary Screens | As a user, I want clear summary screens when sending tokens or NFTs so I can verify details before confirming. |

Connect Wallet (US3.10-1)

User Story: As a user, I want a clear dialog when an app requests access so I know what I’m granting.

Explanation: When a decentralized application (dApp) requests access to a user's wallet, it's crucial that the user understands what permissions they are granting. The updated authentication flow in v3.x.x provides a clear and concise dialog box that outlines the specific permissions being requested. This ensures that users can make informed decisions about whether to connect their wallet to the application. The improved dialog box includes details such as the app's name, the scope of access being requested, and any potential risks. This added transparency helps build trust and confidence in the platform.

Select Account to Connect (US3.10-2)

User Story: As a user with multiple accounts, I want to choose the account that holds the assets I intend to use in the app.

Explanation: Many users have multiple accounts for various purposes, such as separating personal and business assets or managing different types of tokens. The v3.x.x release enhances the account selection process, making it easier for users to choose the appropriate account when connecting to an application. The updated UI provides a clear list of accounts, along with relevant information such as the account balance and the tokens held within each account. This allows users to quickly identify and select the correct account, ensuring they are using the intended assets for their interactions.

Sign Cadence or EVM Transaction (US3.10-3)

User Story: As a user, I want to see a clear summary of a transaction before I approve it so I understand what will happen.

Explanation: Before signing a transaction, it's essential for users to understand the details of the transaction, including the amount being transferred, the recipient, and any associated fees. The v3.x.x release provides a detailed transaction summary screen that presents this information in a clear and easy-to-understand format. This summary helps users verify that the transaction is correct and prevents them from accidentally approving unintended actions. The transaction summary includes all relevant details, such as the contract being interacted with, the functions being called, and the parameters being passed. This level of detail empowers users to make informed decisions and protect their assets.

Blockaid Threat Warnings (US3.10-4)

User Story: As a user, I want to be warned when Blockaid detects that I might be interacting with a malicious account, contract, or other suspicious state.

Explanation: Security is a top priority for the Flow platform, and the integration of the Blockaid warning module in v3.x.x significantly enhances the platform's security posture. Blockaid dynamically analyzes interactions and flags potential threats, such as malicious accounts or contracts. When a threat is detected, the user is presented with a clear warning message, providing them with the information they need to avoid potentially harmful interactions. This real-time threat detection helps protect users from scams, phishing attacks, and other malicious activities. The Blockaid warning module is a crucial component of the updated authentication and authorization flows, adding an extra layer of security for users.

In-App Send Summary Screens (US3.10-5)

User Story: As a user, I want clear summary screens when sending tokens or NFTs so I can verify details before confirming.

Explanation: When sending tokens or NFTs, users need to verify the details of the transaction before confirming it. The v3.x.x release provides clear summary screens for these actions, presenting the user with all the relevant information, such as the recipient's address, the amount being sent, and any associated fees. These summary screens help users avoid errors and ensure that their assets are being sent to the correct destination. The detailed summaries provide peace of mind and enhance the overall user experience.

UI/UX Enhancements

The v3.x.x release brings significant UI/UX enhancements aimed at achieving visual and structural parity across mobile and extension platforms. These updates are designed to provide a consistent, intuitive, and secure user experience, regardless of the device or platform being used.

Visual and Structural Parity

A primary goal of the UI/UX updates is to ensure that all authentication and authorization screens have a consistent look and feel across both mobile and extension platforms. This means that users will encounter a familiar interface whether they are interacting with a dApp on their mobile device or through a browser extension. This consistency reduces the cognitive load on users and makes it easier for them to navigate the Flow ecosystem. The visual and structural parity includes consistent layouts, typography, color schemes, and UI elements, creating a cohesive experience across all platforms.

Blockaid Warning Module

Each authentication and authorization screen now includes the Blockaid warning module. This module dynamically displays relevant security warnings, providing users with real-time feedback on potential threats. The warnings are designed to be clear and concise, highlighting the specific risks associated with the interaction. By integrating Blockaid warnings directly into the UI, Flow is ensuring that users are always aware of potential security issues and can make informed decisions about their interactions.

Key UI/UX Improvements

  • Clear and Concise Dialogs: The dialogs for connecting wallets and authorizing transactions have been redesigned to be clearer and more concise. Key information is presented prominently, making it easier for users to understand the implications of their actions.
  • Intuitive Account Selection: The account selection process has been streamlined, allowing users to quickly choose the correct account when connecting to an application. The updated UI provides a clear list of accounts, along with relevant information such as the account balance and the tokens held within each account.
  • Detailed Transaction Summaries: Transaction summaries have been enhanced to provide users with a comprehensive overview of the transaction details. This includes information such as the amount being transferred, the recipient's address, and any associated fees.
  • Dynamic Security Warnings: The Blockaid warning module provides dynamic security warnings, alerting users to potential threats in real time. These warnings help users avoid scams, phishing attacks, and other malicious activities.

Figma Design Files

For a comprehensive overview of the UI/UX details, refer to the Figma file available here. This file provides a detailed look at the design specifications and mockups for the updated authentication and authorization flows. The Figma file includes detailed designs for all the updated screens, as well as interactive prototypes that allow users to experience the new UI/UX firsthand.

Rollout Plan

Target Release

The target release for the v3.x.x update is set for v3.x.x. This release will include all the UI/UX enhancements described in this article, as well as the integration of the Blockaid warning module. The release is designed to provide a seamless upgrade experience for users, with minimal disruption to existing workflows.

Target Deadline

The target deadline for the v3.x.x release is currently To Be Determined (TBD). The development team is working diligently to finalize the updates and ensure that they meet the highest standards of quality and security. An official release date will be announced once all testing and validation processes are complete.

Owners

The owners for the v3.x.x release are currently To Be Determined (TBD). The project is being managed by a dedicated team of engineers, designers, and product managers, who are responsible for overseeing the development, testing, and deployment of the updates. The specific individuals responsible for each aspect of the release will be announced shortly.

Conclusion

The v3.x.x release represents a significant step forward in enhancing the security and usability of the Flow platform. By modernizing and unifying the authentication and authorization UI/UX, Flow is providing users with a more consistent, intuitive, and secure experience. The integration of the Blockaid warning module adds an extra layer of security, helping users avoid potential threats and scams. These updates are crucial for building trust within the community and driving the continued adoption of the Flow platform.
