The downside of stateless


Status
Not open for further replies.

PHolder

Well-known member
May 19, 2018
1,232
205
@Steve's SQRL client is intentionally stateless. There is a downside to this. If I want to have one site where I disable SQRL Only for site specific reasons, but want it generally enabled everywhere else, there is no easy way to achieve this. Because of the way the client and flags are implemented, the only option would be ask before sending the flags to any given site. (Which would imply being able to query them first, which I don't believe is a function currently implemented with the protocol.)
 

shanedk

Well-known member
May 20, 2018
421
113
I'm not sure what you're asking. The sqrlonly flag can be completely ignored by a particular site and there's nothing the client or anyone else can do to enforce it. Just have that one site where it's not used, and use it everywhere else.
 

Vela Nanashi

Well-known member
May 19, 2018
720
124
I think @PHolder means that there is no way for @Steve's client to currently send site specific settings. In his example if you want to keep your regular login on some sites (SQRL Only disabled for those), but those sites do support that flag, and on most sites you want to have SQRL Only enabled.

Though I don't know why you would want that. I could see more of a point to being able to disable SQRL on one specific site that you don't want to have access to while traveling with your SQRL, until you get home and use the rescue code to unlock that site again. That too would be, I believe, if not impossible, at least hard to achieve with the client as currently designed, but it would be a fringe use case anyway.
 
Status
Not open for further replies.