(More thoughts about http://itch.io/post/10420)

It would probably be a better experience for most people if they can set their identity once in the app and never have to think about it again, rather than logging in manually to every server. Maybe you just setup a username and an avatar when you install the app and it's cached locally and it sends a copy to each server you connect to (and automatically updates it if it changed).

There should be a way for the server to know that it's you again and that it should let you log back in with your existing editing rights.

We also need some way to carry one's user settings across several projects and servers. And then, we need a way to save, restore and sync our settings from multiple places.

I don't know how/if we can do that in a way that's convenient for everyday users, without ending up with a centralized, if optional, authentication system.

There's the possibility of doing something like 1) the server sends a challenge key 2) the user has a private key that gets hashed with the challenge key + the server IP and returned to the server. 3) If it matches the value the server expected, then the user is authenticated.

Something to that effect, except we'd want to use a pre-built and tested cryptographic primitive that does everything for us so that we don't screw it up. But that doesn't fix the whole question of "where are my settings stored and how are they synchronized?"

I think that keeping the users settings in local should be the way to do it, but there is two problems I see.

• First of all that means that if the user is using another computer or device he won't have his settings and will have to reconfigure all of his stuff all over again.
• Secondly that's also may cause a problem when using Superpowers on a web browser like Chrome or Firefox since we cannot access the local storage on any web browser.

Since we apparently can't escape to the global server to keep users settings, it would be nice to have it completely optional and to have a way to store the settings locally and eventually have the possibility to sync them later on. To let the user to have the choice to, whether or not, log in to the main server and sync their user settings.

@Elisee, did you think of a global sync or just "go fetch my conf on this server" ?

So we got 2 places to save data :

• Classic superpowers server - SupServ
• Local

And 2 clients possibilities :

• Browser
• SupClient

SupClient : local storage gives us every config needed, even on a new computer it could be get from SupServ
Browser : SupServ can keep the config for each users.

So the only real issue is when connecting to a new server through a browser. This feels pretty specific.

Obviously with the hypothesis that a SupServ will not handle 10k+ different users. Saving everybody's config could become heavy.

@Elisee, did you think of a global sync or just "go fetch my conf on this server" ?

Basically, some Superpowers users will regularly hop onto various servers. It would be a nice thing to let them use their profile and preferences everywhere without any manual intervention (or as little as possible).

Obviously with the hypothesis that a SupServ will not handle 10k+ different users. Saving everybody's config could become heavy.

That sounds like a very reasonable hypothesis to me. I think it is OK to think of the Superpowers server as designed to host maybe a few dozens of users at once, not more. That design goal can always change later if we come up with a reason to do so.

I've written up a design proposal on GitHub, feedback wanted! https://github.com/superpowers/superpowers/issues/55