Closed Please test a new SQRL-enabled site. https://sarah.gives/login


diabolic

Active member
Oct 18, 2019
34
3
Hi,

My friend launched a new blog recently, so I helped her add SQRL login using Daniel's fantastic wordpress plugin. (I made some visual simplifications to clean it up). I also have enabled other social logins, such as google, apple, and twitter, so you can compare the experience of logging in with those as well.

I've also disabled traditional username and password login/registration, so you can only use SQRL or other social logins.

Feel free to check it out here, and provide any feedback if it does or doesn't work for you (Please include what browser, SQRL client, device you are using)

 

Dave

Well-known member
May 19, 2018
484
99
Gardner, MA
Hi,

My friend launched a new blog recently, so I helped her add SQRL login using Daniel's fantastic wordpress plugin. (I made some visual simplifications to clean it up). I also have enabled other social logins, such as google, apple, and twitter, so you can compare the experience of logging in with those as well.

I've also disabled traditional username and password login/registration, so you can only use SQRL or other social logins.

Feel free to check it out here, and provide any feedback if it does or doesn't work for you (Please include what browser, SQRL client, device you are using)

Worked fine! Logged in on a desktop using both the GRC version and scanning the QR code with the Android app.

The only hiccup is that, when I choose "Logout", the log back in options do not include SQRL.
 

diabolic

Active member
Oct 18, 2019
34
3
Worked fine! Logged in on a desktop using both the GRC version and scanning the QR code with the Android app.

The only hiccup is that, when I choose "Logout", the log back in options do not include SQRL.
thanks for the feedback! Yes, I can't figure out how to put the SQRL code anywhere on the site. Right now it's constrained to the login.php script only which is why it doesn't show up alongside the other options.I could probably do it with a few more hours of work....
 

PHolder

Well-known member
May 19, 2018
1,207
202
Nice job. I tried without JavaScript and of course I got a warning about missing anti-spoof. There's nothing much than you can do about that, other than to note it on any help text. You might also through some text on the registration page noting that choosing anonymous means you will forever receive a large number as an unchangeable user ID.
 

diabolic

Active member
Oct 18, 2019
34
3
Nice job. I tried without JavaScript and of course I got a warning about missing anti-spoof. There's nothing much than you can do about that, other than to note it on any help text. You might also throw some text on the registration page noting that choosing anonymous means you will forever receive a large number as an unchangeable user ID.
Thanks for the feedback!
 

DanR

Member
May 19, 2018
12
2
Minnesota, USA
Firefox 82.0.1, GRC SQRL client

It now seems to be working fine for me now! I had to allow scripting, etc. with UBlock Origin for the site's SQRL login to work. Par for the course with UBO on a new first time website.

After a few failed tries it now works fine for me with Jeffa's iPhone client on my iPhone (after the aforementioned UBO tweaks).

I note that logging out takes me to a login page with no SQRL login, as another poster noted. However, clicking the log in link just above and to the left of the normal login stuff takes me to a SQRL login page which works.
 

diabolic

Active member
Oct 18, 2019
34
3
Firefox 82.0.1, GRC SQRL client

It now seems to be working fine for me now! I had to allow scripting, etc. with UBlock Origin for the site's SQRL login to work. Par for the course with UBO on a new first time website.

After a few failed tries it now works fine for me with Jeffa's iPhone client on my iPhone (after the aforementioned UBO tweaks).

I note that logging out takes me to a login page with no SQRL login, as another poster noted. However, clicking the log in link just above and to the left of the normal login stuff takes me to a SQRL login page which works.
yes, thanks. That's a limitation of the plugin and wordpress's implementation of login. I need to figure out how to create the HTML snippet for the other areas in wordpress.
 

diabolic

Active member
Oct 18, 2019
34
3
Hmm, I'm seeing CPS errors now with the stock SQRL plugin and Steve's SQRL app. Anyone else care to confirm? I can't figure out if this is something I did, or if the wordpress plugin has always worked this way.
 

diabolic

Active member
Oct 18, 2019
34
3
I also made some cosmetic changes to the SQRL login interface, drastically simplifying it and making it appear in similar style to other social logins. Please let me know if you like/dislike the changes!
 

Paul F

Well-known member
Apr 11, 2019
96
29
Toronto
I tried the following with GRC's sqrl client and an ID not yet registered with sara.gives

1 Go to https://sarah.gives/wp-login.php
2 Click Sign in with SQRL
3 Enter SQRL password, click OK
4 Instead of registering, click the browser back arrow
Note the nut hasn't changed
6 Click Sign in with SQRL
7 Enter SQRL password, click OK
8 SQRL reports Website SQRL protocol error
The site returned tif=20 but nut= and qry= are missing

p.s. The login page looks good. My first reaction was it would be nice if the Sign in with SQRL button looked the same as the other sign in buttons so it's obvious that you can click on it, but then you have the problem of dealing with the QR code without making things more complicated.
 
  • Like
Reactions: diabolic

diabolic

Active member
Oct 18, 2019
34
3
I tried the following with GRC's sqrl client and an ID not yet registered with sara.gives

1 Go to https://sarah.gives/wp-login.php
2 Click Sign in with SQRL
3 Enter SQRL password, click OK
4 Instead of registering, click the browser back arrow
Note the nut hasn't changed
6 Click Sign in with SQRL
7 Enter SQRL password, click OK
8 SQRL reports Website SQRL protocol error
The site returned tif=20 but nut= and qry= are missing

p.s. The login page looks good. My first reaction was it would be nice if the Sign in with SQRL button looked the same as the other sign in buttons so it's obvious that you can click on it, but then you have the problem of dealing with the QR code without making things more complicated.
interesting. What is the expected behavior? I guess I can't control what the plug-in does or doesn't do with stale nuts. I just tested that process on this forum site and the same problem occurs, so I guess this is just a side effect of SQRL. No problem though because a page refresh generates a fresh but.

also your cosmetic feedback is exactly what I've done. The SQRL button looks like the others, and it's clickable anywhere, including the QR code. I'm glad you like it!
 

Paul F

Well-known member
Apr 11, 2019
96
29
Toronto
interesting. What is the expected behavior?
The server is returning tif=20, a transient error. In its response the server has to include the parameters nut=<value> (with a fresh nut) and qry=<value>. These parameters are required in the SQRL protocol. See https://www.grc.com/sqrl/SQRL_On_The_Wire.pdf pages 16 and 19. This may be a WordPress Plugin isssue. I'm not familiar with it.
 
Last edited:

diabolic

Active member
Oct 18, 2019
34
3
The server is returning tif=20, a transient error. In it's response the server has to include the parameters nut=<value> (with a fresh nut) and qry=<value>. These parameters are required in the SQRL protocol. See https://www.grc.com/sqrl/SQRL_On_The_Wire.pdf pages 16 and 19. This may be a WordPress Plugin isssue. I'm not familiar with it.
seems to work fine for me and other folks despite those errors.Unfortunately I can't fix it because it's not my plugin.
 

Paul F

Well-known member
Apr 11, 2019
96
29
Toronto
seems to work fine for me and other folks despite those errors.Unfortunately I can't fix it because it's not my plugin.
Yes, it looks like a plugin bug. I tried another site that uses that plugin, with the same result. It's not a serious problem, but it's nice not to cause SQRL protocol errors. @kalaspuffar may want to look into it sometime.
 

Paul F

Well-known member
Apr 11, 2019
96
29
Toronto
also your cosmetic feedback is exactly what I've done. The SQRL button looks like the others, and it's clickable anywhere, including the QR code. I'm glad you like it!
Yes, though what I meant was to have "Sign in with SQRL" in the same long rectangle shape as the other sign ins, but that separates the QR code making it look like it's for "What is SQRL?" and fixing that just makes things too complicated. I did have another thought: you could add

Click
or
Scan

in the space to the left of the QR code.
 

diabolic

Active member
Oct 18, 2019
34
3
Yes, though what I meant was to have "Sign in with SQRL" in the same long rectangle shape as the other sign ins, but that separates the QR code making it look like it's for "What is SQRL?" and fixing that just makes things too complicated. I did have another thought: you could add

Click
or
Scan

in the space to the left of the QR code.
I played around with that concept and I feel like more words just add clutter. I made the tap/click targets very large so it should be intuitive.
 

diabolic

Active member
Oct 18, 2019
34
3
I also need to find an SVG of the SQRL logo/Icon. Right now I'm using a 32x32px PNG and it's rather ugly when zoomed in. Any idea who designed the original logo?