Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Fission powers next generation app publishing.
For developers, they can design a user app using only front end and design skills. The web native app can be installed by 10 or 10,000 users, just like mobile or desktop software. Because the app is running on the user's computer, you can focus on finding new users and adding new features, rather than having to learn DevOps or server scaling.
People using apps create a secure identity in their browsers. Every Fission account is linked to a file system, available in any browser. Much like an open source iCloud, users give permissions to apps, and can access their files from anywhere. Users can browse their file system, both public and private, and mix and match which apps they use, just like they're used to with mobile and desktop apps.
Get started by installing the Fission CLI »
Learn more about Fission Accounts, and try one out by installing the Drive app »
Fission Dashboard shows the verification status of your account. You can resend your verification email if it ended up in your spam.
Like all Fission apps -- including the ones made by Fission directly -- you need to give permission to the Dashboard app to access your account info.
To get setup on different devices or browsers, follow the account linking process
To have access to your account across multiple devices, you need to link them.
When you visit an app on a new device and Sign in with Fission, or if you go directly to the Fission Auth page, you'll be prompted to either create a new account or link an existing one:
If you have an account already, click the sign in button:
The only thing you need to know is your username. Enter it, and hit the link account button:
As you can see, you are now being asked to open the Fission Auth page on your other device. This might be your other computer or perhaps your phone. There is also a short message telling us that this is for the boris0902 username.
Once you open the Fission Auth page on your other device, it will detect the linking request and display a page like this.
The new device you are linking should show the same numbers:
Since we can see the numbers are the same, we can go ahead and hit the "Approve" button, and you'll see this success message.
Switching to the new device you were linking, you'll see this message:
Now you can use either device with full authorization
And yes, this works on mobile too:
The Linking an existing user guide has details on linking accounts used at the command line.
When you create a Fission Account, whether signing up on the web or using the command line as a developer, it creates a username and email address in our service database, and also a private / public key pair representing that account.
We also create a Fission Web Native File System (WNFS) attached to your account, and given you access to Fission Drive, which lets you browse all your files, access them from any browser, and see which apps are attached to your file system.
We verify your email address, and can use that to help manage aspects of your service with us. You hold access to the keys connected to your account, and sign in happens automatically.
We encourage you to "link" your account to multiple devices -- your desktop and your phone, your home and your work computers, and so on. These devices can then be used to login, or link more accounts. You can read more about Account Linking »
Each device gets their own private key using the WebCrypto API built into modern browsers. Private keys shouldn't be copied around, so instead, we link keys indicating they have access to the same account.
There is no "sign out" for a Fission-powered app. You use your key to do a passwordless login, stored in your local desktop browser, mobile web browser, or your local desktop file system with the command line developer tool.
While your device is linked with a key, Fission apps will check that you have a key with the proper permission, and will just let you right in, without having to remember a password or even a username.
This is like your smartphone: only a single user is "logged in" to their personal phone, and they aren't shared.
A Fission app is more like an app that you download on your phone. When you don't want the app anymore, you delete it.
If you want it again in the future, you download it again, by giving permission to the app store to install it. You then might give permission to access other parts of your phone, like the camera or GPS.
We don't delete the data that the app stored for you, since it's stored in your own Fission File System -- just like data is stored on your phone.
As part of signing into an app, an app will ask for certain permissions. Right now, these are mostly related to access to your file system.
By default, every app needs access to an App Folder. You'll need to at least grant access to an App Folder for the app to function correctly.
Instead of signing out, you may want to revoke -- or delete -- an app's access to your account.
You can even revoke access to the default Drive app, but we'll ask you to make an extra confirmation. You'll need to use another tool or developer API access to manage your Fission File System attached to your account.
Browsers and desktop computers aren't smartphones, and they do get shared. You can unlink a device -- remove your key -- by visiting the Fission Auth page.
You may create multiple Fission accounts, but you'll need a unique email address and username for each one. You'll also need to use Browser Profiles to be able to access them at the same time on the same machine, as the keys that grant access are stored in the browser.
Install the Fission command line tools to start publishing from your desktop.
The Fission command line interface (CLI) is the most common way for developers to interact with Fission services.
Use the Homebrew recipe to install the CLI on macOS. This taps and installs in one command:
If you have any issues, check that libcrypto1.1 installed and linked on your system.
You can also follow the next section for a manual install on macOS.
For Windows users, we currently recommend using Windows Subsystem for Linux 2 (WSL2). WSL1 is not supported. Run these Linux / Manual install instructions in your WSL2 environment.
Head over to our releases page on Github and download the latest release for your operating system.
Grant execute permissions and move the binary onto to your PATH. For example, on Ubuntu 20.04:
Check that the CLI was installed correctly.
If you have any issues, check that you have libssl1.1 (installed with OpenSSL) and libtinfo5 (or libtinfo6). Most recent Linux distributions will already have these libraries installed.
Check that your clock is accurate. Account linking depends on an accurate clock and may fail due to clock drift.
Mismatched clocks between a host system and container or VM may also cause issues.
Run fission --version to check if you are using an old version of the CLI.
To upgrade the CLI on macOS, brew uninstall and brew untap to reset brew.
Reinstall with brew tap and brew install.
On Linux, repeat the installation steps listed above, leaving out the installation of the additional libraries.
Make a recovery kit and never lose access to your account
Fission users can recover a lost account with a Recovery Kit. You can create a Recovery Kit in the Fission Dashboard to ensure you will always have access to your account.
Account recovery is only needed when you do not have any linked devices. If you have lost access on one device, but are still signed in on another device, you can use account linking instead.
Sign in to the Fission Dashboard and select Recovery Kit.
To create a Recovery Kit, you need to grant the Fission Dashboard access to your private files. This step is necessary for the Dashboard to recover your private files.
Allow creating a recovery kit and grant permission in the Fission Auth Lobby.
After granting permission, you can create a Recovery Kit.
The recovery kit should be stored somewhere safe. Anyone with access to your Recovery Kit can access your private files. If you lose your Recovery Kit, you will not be able to recover your account.
Download your Recovery Kit and save it somewhere safe.
We recommend you store it on a device or storage medium that you will not easily lose.
If you have lost access to your account, you can recover it with a Recovery Kit from the Fission Dashboard.
Select the Recover your account option below the sign in button.
You will need your Recovery Kit and access to the email you used to create the account.
Drag your recovery kit onto the upload box or click the box to select it from your file system. Fission Dashboard will import your recovery kit.
After Fission Dashboard imports your Recovery Kit, select send email.
Fission will send you verification email. Click on the link in the email and the recovery page will give you an option to recover your account.
Select recover account and re-link your account by signing into the Fission Auth Lobby.
Make sure to keep the recovery page open while you re-link your account.
The Fission Auth Lobby and account recovery page will show you confirmation codes.
When you are satisfied that the codes match, confirm in the account recovery page.
After confirming, Fission will recover your account, and you can access your files again.
Your Recovery Kit will work again if you need to recover your account in the future.
Migrate your file system to get the latest features
Fission will occasionally change how your file system is stored to enable new features, improve performance, and improve security. Some of these changes require a file system migration.
Because Fission has no control over your file system, we cannot migrate your file system for you. To help you with migrations, we've developed a command-line tool that upgrades your file system to the latest version.
If your file system is outdated, you will see a message like this in the Auth Lobby (https://auth.fission.codes):
If you decide that your username and data are not worth keeping, go to https://auth.fission.codes and click the text "remove this device" on the bottom of the page. Keep in mind that you will not be able to access data associated with the account afterward.
After removing a device, you will be able to create a new account. New accounts are always created at the latest file system version.
Multiple devices. If you have signed in on multiple devices, remove each device and link them again after you have created a new account.
At the moment, running a migration requires familiarity working with the command line on your machine.
The Webnative File System (WNFS) migration tool will use your linked credentials when migrating your file system.
wnfs-migrationYou can now install the migration CLI tool with npm:
npm install --global wnfs-migration
wnfs-migrationMake sure the output of npm bin is on your PATH. If it is not, you can prepend your command with the path returned from npm bin, for example: $ /home/me/node_modules/bin/wnfs-migration
At this point, wnfs-migration has migrated a local copy of your WNFS. It will then ask you to confirm that you want to overwrite the synced version of your file system on the Fission servers.
Enter Y to confirm or n to decline and abort the migration process. If you confirm, wnfs-migration will sync your migrated file system:
There is a live beta of the development version available at . It might delete your apps or eat your JavaScript.
All of the apps that you have published with your account are listed on the Apps page.
Behaviour between drag-and-drop and the file chooser differs slightly!
If you upload files via drag-and-drop, e.g. by selecting the files index.html and styles.css and dropping both, you'll end up with these two files at the root of your app, so e.g. at your-app.fission.app/index.html.
If you upload files via clicking on the drop area, you'll open a directory chooser. There, select the directory that contains all files you want to have served on your app. So, e.g. choose the build directory that contains the index.html and styles.css files.
Fission Drive lets you browse public, unencrypted files stored on IPFS.
Fission Drive is currently a preview release of our upcoming file storage and identity system that lets you take your files anywhere, encrypted end-to-end as well as for public hosting of files, websites, and apps.
The Preview release is an exploration of the interface, and currently supports only public files.
You can browse any IPFS directory, not just those hosted on Fission, by entering in the hash, or Content ID (CID), of a directory.
Preview supports system wide / browser settings for dark vs. light mode and will switch automatically when you change those settings.
Note: ChromeOS does not currently support dark mode.
Clicking on an image will give you a file preview.
Click on the double arrows in the top right hand corner to embiggen the preview to full screen. Hit the X to close the preview.
The "Open in new tab" link will give you a permanent link for sharing the current file, using the Fission IPFS gateway.
Yes, this works on mobile!
Use arrow keys to navigate, enter to open preview.
An introduction to Fission for developers
The Fission CLI and Webnative SDK are developer tools for interacting with Fission services. This section will introduce the technologies used in these tools and describe how they work on your machine and in the broader network.
The Fission CLI and Webnative SDK use the InterPlanetary File System (IPFS) for networking and data transfer. IPFS uses peer-to-peer communication to exchange data between peers.
What is IPFS? IPFS is a distributed system for storing and accessing files, websites, applications, and data. If you aren't already familiar with IPFS, you may want to read Protocol Lab's guide.
In the browser, the Webnative SDK connects with Fission peers to access and update user data. Likewise, the Fission CLI connects with Fission peers to publish websites. In both cases, you can substitute your own peers by running your own Fission server.
The Fission Command Line Interface (CLI)
The Fission CLI is a developer tool for working with apps and managing your account on the Fission platform.
The Fission CLI uses multipart commands with the structure:
Commands group related subcommands into operations on apps or accounts. Options extend functionality or display help information.
Shortcuts combine a command and subcommand into a shortcut command:
The options that would apply to the multipart command also apply to the shortcut.
This guide covers the most commonly used options. More options are available for you to explore and you can always to ask us more about them!
The --help option displays a quick reference at any command level.
At the top level, fission --help displays a high-level summary of all commands and shortcuts.
Get your first site up and running with this beginner-friendly guide
With fission installed, we are ready to set it up on your local machine. If this is your first time using fission, you will be prompted for a username and an email to confirm your new account.
A private key has been generated for your machine and saved in the ~/.config/fission/key/ directory. This key secures your communication with Fission services and works like using an SSH key to connect to GitHub.
Let's publish a simple webpage with Fission! We will write a simple webpage, register it as a Fission app, and publish it to the web.
Create a project directory and an index.html file.
Add some content to index.html:
Run fission app register command to initialize the webpage as a Fission app. You will be prompted for a build directory.
Press enter to set hello-universe as your build directory, and fission will initialize your app.
Fission will create a fission.yaml file with your app configuration.
Run fission app publish to publish the webpage.
Copy the URL from the last line and paste it into your web browser to view the webpage live on the web. Nice and simple!
It may take a few minutes for DNS to propagate. If you don't see the webpage live at the URL, come back and try again in a bit. You can also take the URL from the CLI output and view the webpage athttps://ipfs.runfission.com/ipfs/{URL}right away.
The Fission CLI account management commands
Use fission setup, fission user whoami, and fission login to set up your account, display your username, and link your account in web browser.
The fission setup command registers your account with Fission or links to your existing Fission account.
When you register a new account, you will be prompted for a username and an email. Fission will send you an email to confirm your account and complete your registration.
The fission setup command will create a global config.yaml file in your ~/.config/fission directory. See the guide for more information about the config.yaml file.
Use fission user whoami to display your username.
You can link your Fission account in a web browser to interact with Fission-enabled apps. The fission login command sets up the CLI to listen for requests to link your account.
The browser window and command line will display confirmation codes. Verify that the confirmation codes match and grant access at the command line.
The browser window will update to show that you have successfully linked your account.
If you are signed into a Fission account in a web browser, you can link your account and use it at the command line.
Use fission setup to create and link a CLI user at your command line.
When prompted, enter Y to confirm you have an account and enter your username from the browser window. The auth lobby and CLI will display a confirmation code.
When you have confirmed that the codes match, approve in the browser, and the CLI will complete the setup process and link your account.
You can set up your machine with an existing account if you have the machine_id.ed25519 key. Use --with-key argument and the path to your key.
As well as using the to register and publish apps, you can drag and drop a folder of HTML, CSS, and JavaScript files to create and publish your app directly from the browser.
When you click on an app in your , you get to a page you can update, rename or delete your apps on.
You can use QmbCLefkFuXbhHBWSW7PWmJzBL7W7e8zm41HK4DGJ1RDwV as an example folder to browse. Visit to try it out.
The hash above represents Boris' public files, which you can also see in the default IPFS browser at .
Apps that use Webnative communicate with Fission peers through a provided by the Fission Auth Lobby. You can pass an instance of js-ipfs to Webnative to .
More to come. We are planning to cover more concepts here. Come by our if you have questions on what we have covered so far.
If you already have an account created in a web browser, you can link it on your local machine. See the to link your account.
The url is where your webpage will be on the web after it has been published, build tells the fission which directory to publish, and ignore is a list of files and directories to ignore. See the for more details.
The registration process will also create a for you automatically at the URL YOURNAME.fission.name using your Fission username.
Open the in a browser window, select "Sign In", enter your Fission username, and select "Link Account".
Open the in a browser window.
The Fission CLI commands for generating credentials
Use fission generate credentials to generate key pairs and DIDs.
The fission generate credentials command generates a new Ed25519 key pair and an associated DID.
See the W3C did:key Method specification for details on the derivation of DIDs from public keys.
Generated key pairs are not stored anywhere and are not associated with your Fission user account. Be careful to store a copy somewhere safe.
Installing the Webnative SDK
You can add Webnative to a project by loading it from a CDN or installing it with a package manager.
For prototyping or experimentation, you can use the latest version of Webnative.
We recommend linking to a specific version in production to avoid unexpected changes.
Use the build from the global context.
We recommend installing Webnative with a package manager for larger projects that use build tools or bundlers.
Install Webnative with npm or your preferred package manager.
Import Webnative in your application.
An SDK for building apps with decentralized identity and storage
The Webnative SDK empowers developers to build fully distributed web applications without needing a complex back-end. Webnative provides:
User accounts using the browser's Web Crypto API or a blockchain wallet using the Webnative WalletAuth plugin
Authorization using UCAN
Encrypted file storage using the Webnative File System backed by IPLD
Key management using the AWAKE protocol to link devices
Platform APIs for publishing apps from the browser
Webnative applications work offline and store data encrypted for the user by leveraging the power of the web platform.
This guide walks through the fundamental concepts for working with the Webnative. We also publish an API reference at webnative.fission.app and you can view the source code on GitHub.
You can also view the API reference at deno.land and paka.dev.
Have questions? Ask your questions in the Fission Discord server or post them to the Fission Developer forum. We are excited to help you build apps with Webnative and would love to hear from you!
Creating a Webnative program
You can use the Webnative SDK by creating a Webnative program. Here is a minimal example:
A Webnative program is a set of components and utilities for building a distributed web application.
We'll cover each part of a program in upcoming sections. As a quick summary:
Session. A session including a username and a filesystem instance. A session will be created from an authentication strategy or requested capabilities depending on which approach your application takes.
Authentication Strategy. A set of functions for registering users and linking devices.
Capabilities. A set of functions for requesting authorization from another app.
Configuration. The configuration used to instantiate the program.
Components. Component implementations for authentication strategy, capabilities, crypto, storage, depot, manners, and references.
Shorthands. Helper functions provided for easy access.
You can configure a program with a namespace parameter and a few optional parameters:
We saw a namespace earlier in our minimal example:
A namespace isolates an application in browser storage. This isolation means you can work on multiple apps on localhost at the same port and not worry about them interacting or conflicting. Provide each app a namespace, and they will exist independently.
You can also set the namespace as a string:
The debug flag determines whether Webnative should log detailed debugging information to the console. The default value is false.
The loadImmediately flag determines if Webnative should load the filesystem at initialization. The default value is true.
The filesystem can be loaded after initialization using the program.loadFileSystem shorthand function. In most cases, you will want to load the filesystem immediately, but deferring can sometimes be useful. For example, you can load the filesystem in a Worker after initialization.
The version sets the filesystem version. The version defaults to the latest stable version of WNFS.
Permissions are the capabilities to be requested from another application. We'll cover permissions in more detail in the Requesting Capabilities section.
User messages are alerts that report to the user when the current version of Webnative does not support their filesystem. You can update these messages to provide users with your support information.
You can deeply customize a Webnative program by providing component implementations. We'll discuss custom components in the Components section.
More information on global and app YAML configuration files.
Fission stores global and app configuration options in YAML files. The global configuration is stored in a config.yaml file and app configurations are stored in fission.yaml files.
After you run fission user setup, you will have a global config.yaml in your ~/.config/fission/ folder. You can open config.yaml in a text editor or display it at the command line.
The default global config.yaml will looks something like this:
In most cases, the only thing you will want to change in this file is the ignore section. The other sections are managed by the Fission CLI.
Ignore is a list of files you don't want fission app publish to publish. For example, you might add commonly ignored files and secrets.
Ignore follows the same conventions used in a .gitignore file.
Username is a name you select for yourself during fission setup.
The UCAN that was used to link from another device or browser. null if the account was created on this device.
Server DID is the identity of the Fission server that authenticates your requests when using the Fission CLI.
We configure your machine to directly connect to our servers. The peers are the IP addresses and fingerprints of our servers.
You can also fetch our active public peers from the peers endpoint: https://runfission.com/ipfs/peers
Eventually, we'll have a list of peers around the world.
Timestamp of the last check for an updated version of the CLI.
The path to the key used to sign requests made when using the Fission CLI.
When you create a new app with fission app register, a fission.yaml file is created in the directory where you ran the command. The default fission.yaml file looks something like:
Ignore works the same as the ignore in the global configuration. You can use it to list files that you do not want to publish.
You might use it to ignore a directory like node_modules or all files with an extension like Photoshop .psd files.
YAML can specify lists in a couple of different ways, both like this, or as comma-separated list shown in the global config.yaml example above.
The URL where your app is viewable after it has been published.
Eventually, you will be able to publish different versions of your app -- for example, development, testing, production, etc. -- and use custom domains for your app.
The build directory is the directory the Fission CLI will publish. Use this when you have a build step that produces a production-ready version of your application.
The build directory is set as a relative path from the location of the fission.yaml file.
If you are using a well-known build directory, the Fission CLI will attempt to detect it the first time you run fission app register. It will prompt you and ask if you would like to use the directory it detects.
The Fission CLI commands to work with apps
Use the fission app command and its subcommands to work with apps. The main operations are registering an app, publishing an app, and displaying information about an app.
The fission app register command initializes a new app and links it to your Fission account.
You will be prompted for a build directory. The Fission CLI will publish your app from the build directory you select.
If you are using a common build directory, the Fission CLI will detect it when you run fission app register and suggest it. You accept the suggestion or enter another build directory as a relative path from the fission.yaml file.
The Fission CLI will create a fission.yaml configuration file with a list of files to ignore, a URL where your app will be viewable after it is published, and a build directory. See the Fission YAML guide for more information about the fission.yaml file.
You can also use a custom domain name for your app. See the Custom Domains guide to set up a custom domain name.
The fission app register command has advanced options:
Use the fission app publish command to publish your app to the web. Run this command from the directory that contains your app's fission.yaml configuration file.
The fission app publish command publishes your app and associates it with the URL in the fission.yaml file. After your app is published, the Fission CLI will output a success message and the URL for your app.
The fission up command is a shortcut for fission app publish.
The fission app publish command has advanced options:
You can continuously publish your app by adding the --watch option. The Fission CLI will watch your build directory and publish whenever it detects a change.
This means that as you work in your local development environment, changes are continuously streamed online as you save. Note that some development environments have different code and output options than "production", but this will allow you to quickly and easily share a live online version with other people.
Use fission app info to display the URL where your app is viewable.
The fission app delegate command delegates the capability to work with apps to a DID:
You can delegate apps you have registered on your machine or delegate from environment variables by setting FISSION_MACHINE_KEY and FISSION_APP_UCAN to an Ed25519 private key and a UCAN whose audience is associated with the key. Both environment variables must be set.
The command assumes least privilege by defaulting to Append potency and limiting the UCAN lifetime to five minutes. Both potency and lifetime can be set when more potency or a longer lifetime are desired.
The fission app delegate command has advanced options:
Requesting capabilities from another app
Capabilities is an API that allows apps to request authorization from another app.
Capabilities includes:
collect. Collects UCANs and file system secrets.
request. Requests authorization from another app.
session. Creates a session after authorization has been granted.
We saw earlier in Authentication Strategies how an app can register a user and link their account across devices. Authentication strategies are designed for use within a single web app across multiple devices.
Capabilities are an API for linking between apps. One app requests permission to access some set of resources from a second app with capability equal to or greater than the requested permissions. On user approval, the second app returns capability to the first app in the form of UCANs and file system secrets.
Fission Auth Lobby only. At present, the only app that can provide capabilities to another app is the . We plan to open capabilities provisioning to other apps in a future release.
Here is an example of requesting capabilities from the Fission Auth Lobby:
When Webnative redirects users to the Fission Auth Lobby, they will see a prompt with the permissions that your app has requested. The user can choose to accept or decline the request.
Either way, the Fission Auth Lobby redirects the user to your app. If the user accepted, Webnative will automatically create a session at program initialization.
Creating a Webnative session
A session is an authenticated interaction between a user and a Webnative program. Sessions are typically long-lived and are based on a user controlling a key pair.
Webnative authenticates and authorizes a user who controls a key pair through:
WebCrypto. The browser which supports non-exportable private keys.
WalletAuth. A browser extension that supports blockchain wallets through the plugin.
Requesting capabilities. Uses a WebCrypto key pair, but authorization must be requested from another app with equal or greater authority.
A session can be created through an or by . We'll look at each of these approaches in upcoming sections, but for now here is the Session class they create:
A session includes a session type, username, and an optional filesystem.
The session type indicates how the session was created. The possible types include webCrypto and capabilities.
WalletAuth uses a blockchain wallet but delegates to a WebCrypto key pair. As a result, the session type when using WalletAuth is webCrypto.
A username selected by the user at registration. When requesting capabilities, the user will already have a username from the app where they originally registered.
The username is a wallet address when using WalletAuth.
The elements of a distributed app
The Webnative SDK is built on a few foundational blocks, the Webnative File System (), , s, and s. How these pieces are bound to an identity, communicated to other devices and users, encrypted, and transferred, is customizable through components. By default, Webnative uses the Fission infrastructure, but you don't have to.
There are seven components:
Auth. Responsible for , , and .
Capabilities. Determines how are requested and collected.
Crypto. How should private-public key pairs and symmetric keys be stored? How do I sign a message? Which key types should I support for the did:key method? What are my agent and sharing key pairs?
Depot. Gets IPLD data in and out of your program by creating and referencing CIDs. File system data is brought in and shipped out through this component.
Manners. Various behavioral elements. If the debug configuration flag is enabled, how does the logging happen, file system hooks, etc.
Reference. Responsible for the sources of truth: the data root (root CID of WNFS), the DID root (your account DID, aka. root agent DID), DNS, and repositories of various items.
Storage. Stores and retrieves ephemeral and session data.
The crypto component configures Webnative to work with the key pair used by an Ethereum wallet.
The manners component alters how Webnative transfers the root file system encryption key. Using file system hooks, the key is encrypted and put on the public side of the file system. The wallet can always decrypt this key, enabling file system access no matter what device connects.
In this example, we'll add a file system hook and emojis to the debug messages.
To use a different component than Webnative's defaults, all you have to do is pass them into the program. Alternatively, if you have a whole composition (see the section below), you can skip a step and directly use the assemble function. That's what the program function uses underneath.
A composition is a full set of components.
Authentication strategies for registering and linking accounts
An authentication strategy is a set of functions for registering and linking a user's account across devices.
A Webnative program includes an authentication strategy. Webnative provides a WebCrypto authentication strategy by default, but you can configure the strategy using the Components API.
An authentication strategy includes:
accountConsumer. An event emitter that requests device linking from an authed device.
accountProducer. An event emitter that provides device linking to an accountConsumer.
isUsernameAvailable. Checks if a username is available.
isUsernameValid. Checks if a username is valid.
register. Registers a user with a username and an optional email.
session. Creates a . Called after registration or device linking.
Here is how you register a user:
Our example checks if a username is valid and available, registers a user, and creates a session.
Why is email optional? Most Webnative applications will not need to register user emails. However, we plan to add support for account recovery in a future version of Webnative, and email may become more relevant then.
Each user device has an agent DID associated with the key pair on device. You can query the program to inspect the agent DID:
We call the DID registered with the server the root agent DID. Each time a device makes a request to the Fission server on behalf of a user, it must be the user's initial root device or a device with delegated authority from the root device.
Device linking provides a secure mechanism for linking a user's account across devices or browsers.
Device linking occurs between an account producer (an authed device) and an account consumer (a device that would like to be linked). The devices bootstrap a secure channel to communicate, and the producer issues an account UCAN to the consumer that authorizes it to act on the user's behalf with full capability for 1000 years. So effectively, the newly linked device will have full access to the user's account for as long as it matters.
We want to note that no private keys are ever sent over the wire during device linking. Instead, each device is an agent with its own key pair and associated agent DID. The producer issues an account UCAN that delegates authority to the consumer's agent DID. When the consumer later makes a request to the Fission server, it provides the account UCAN as proof that it can act on the user's behalf.
When a user links a device, they should open a linking page on the authed device and the device they would like to link. The device to be linked needs to be configured with their username. We recommend the authed device display a QRCode or copy link that encodes the username as a query string param. The user can also manually enter their username on the device to be linked.
Here is an example of an account producer:
An account producer emits challenge and link events. The challenge is a PIN sent by the consumer.
Here is a matching account consumer:
An account consumer also emits challenge and link events. The consumer should create a session when the link event reports approval.
How to share private data with the Webnative SDK
You can share a private file or directory with another Fission user:
Private shared data uses public keys, which we call exchange keys, that live in a user's public filesystem under .well-known/exchange/. Exchange keys are unique per domain because webnative generates a key-pair per domain, so we need to add an exchange key to each domain that will accept shares. We can add an exchange key to a filesystem using:
The auth lobby automatically does this when we create our account, link a device, or authorise an application.
When the receiver of the share has their exchange key(s) set up, we're ready to create a share:
That will do an fs.publish() and consequently a data root update, so you'll want to wait until those are complete before accepting a share.
The shareDetails contain a shareId used to accept or load a share.
By accepting a share, you create a symbolic link (aka. soft link) to the shared data in the /private/Shared with me/SENDER_USERNAME/ directory. In other words, accepting a share is fs.loadShare() plus copying the soft link from the share:
If you'd like to use the auth lobby to accept, for ease of use like Fission Drive does, then you can create a share link with the share details we got earlier:
When sharing a file or directory with someone, they will receive the updates to those items due to how soft links work. Most filesystem methods work out of the box with soft links, such as get and read. But sometimes, you need to resolve them manually, which you can do with fs.resolveSymlink(). If you want to create a soft link manually, you can do that with:
⚠️ For now soft links are read-only.
Working with the Webnative File System (WNFS)
The Web Native File System (WNFS) is a file system built on top of the InterPlanetary Linked Data model (). Each Webnative user has their own WNFS, and apps store user files and data in it.
Each file system has a public tree and a private tree, much like your macOS, Windows, or Linux desktop file system. The public tree is "live" and publicly accessible on the Internet. The private tree is encrypted so that only the owner can see the contents.
All information (links, data, metadata, etc.) in the private tree is encrypted. Decryption keys are stored so that access to a given directory grants access to all of its subdirectories.
WNFS is structured and functions similarly to a Unix-style file system, with one notable exception: it's a Directed Acyclic Graph (DAG), meaning that a given child can have more than one parent (think symlinks but without the "sym").
A Webnative app assumes full access to the file system unless given a permissions object in the configuration, then it assumes authorization to parts of the filesystem will be granted when from another app.
WNFS uses directory and file paths built from path segments by path functions.
Path Objects. The path functions create objects like { directory: ["public", "some", "directory"] } or { file: ["public", "some", "file"] }. We recommend you use path functions because they validate paths to make sure they are well-formed.
WNFS exposes a POSIX-style interface:
add: add a file
cat: retrieve a file
exists: check if a file or directory exists
ls: list a directory
mkdir: create a directory
mv: move a file or directory
read: alias for cat
rm: remove a file or directory
write: alias for add
The publish function synchronizes your file system with the Fission API and IPFS. WNFS does not publish changes automatically because it is more practical to batch changes in some cases. For example, a large data set is better published once than over multiple calls to publish.
Returns: CID the updated root CID for the file system.
Remember to publish! If you do not call publish after making changes, user data will not be persisted to WNFS.
Methods for interacting with the filesystem all use absolute paths.
The FileContentthat WNFS can store includes FileContentRaw, Blob, string, number, and boolean. FileContentRaw is Uint8Array. In addition, the private file system can store Objects.
add
Adds file content at a given path.
Params:
path: FilePath required
content: FileContentrequired
Returns: CID the updated root CID for the file system
Example:
cat
Retrieves some file content at a given path.
Params:
path: FilePath required
Returns: FileContent
Example:
exists
Checks if there is anything located at a given path.
Params:
path: DistinctivePath required
Returns: boolean
Example:
get
Retrieves the node at the given path, either a File or Tree object
Params:
path: DistinctivePath required
Returns: Tree | File | null
Example:
ls
Returns a list of links at a given directory path
Params:
path: DirectoryPath required
Returns: { [name: string]: Link } Object with the file name as the key and its Link as the value.
Example:
mkdir
Creates a directory at the given path
Params:
path: DirectoryPath required
Returns: CID the updated root CID for the file system
Example:
mv
Move a directory or file from one path to another.
Params:
from: DistinctivePath required
to: DistinctivePath required
Returns: CID the updated root CID for the file system
Example:
rm
Removes a file or directory at a given path.
Params:
path: DistinctivePath required
Returns: CID the updated root CID for the file system
Example:
write
Alias for add.
Params:
path: FilePath required
content: FileContent required
Returns: CID the updated root CID for the file system
Example:
Each file and directory has a history property, which you can use to get an earlier version of that item. We use the delta variable as the order index, primarily because the timestamps can be slightly out of sequence due to device inconsistencies.
Requesting many versions with file.history.list can be slow. The acceptable delay will depend on your application.
The private crypto and storage fields are internal and can be ignored, but they give us an early hint of the Webnative component system described in the section.
A instance. A filesystem is provided by default, but Webnative can be configured without WNFS through the Components API.
The plugin allows you to use your blockchain wallet to authenticate with webnative. It does not have an auth component because the identity already exists. But it does have crypto and manners components that make the following customizations:
UCAN. The following sections assume you have a working knowledge of User Controlled Authorization Networks (UCANs). If UCANs are unfamiliar, we strongly recommend you visit to learn more before continuing.
Webnative registers a user by submitting a username, optional email, and a UCAN authorizing the registration to the Fission server. The UCAN contains a which the server registers as the user's DID.
Users link devices mainly to access their data on their phone, laptop, tablet, or in another browser. A second benefit is that linked devices are an account backup mechanism. Any linked device can always authorize a new device if a user loses their root device. See the for an example walkthrough of a device linking experience.
Distributed applications. We've claimed a few times that Webnative is an SDK for building distributed applications. Device linking uses the and is one piece at the heart of what makes Webnative apps distributed. An authed device has all the authority it needs to link new devices. They do not need to ask a server or third party for permission.
During device linking, interfaces must present the user with a PIN challenge. Display the PIN challenge on both devices so the user can confirm the PINs match. The PIN challenge is important for securing the device linking process to prevent .
Here you see a photo being shared from and being accepted by another user in the .
All WNFS operations expect paths created by path functions. See the for more path utility functions.
Paths created by have a FilePath or DirectoryPath type. Methods with a DistinctivePath param accept either a FilePath or a DirectoryPath.
Become a Webnative jedi 🧘
Check the Webnative version.
Debug logging can be enabled through the configuration object.
When Webnative makes a change to the user's filesystem, it logs:
Next, Webnative links the change to make it available across the web.
When linking completes, the change is published and available to other browsers.
A Webnative program provides shorthand utility functions for easy access:
The shorthands include:
loadFileSystem. Loads the user's file system. Useful when you want to delay loading the filesystem until some time after initialization.
agentDID. Retrieves the agent DID for the current device.
sharingDID. Retrieves the sharing DID for the current device.
WNFS comes with three separate top-level file systems "roots": public, pretty, and private.
Not encrypted. Full metadata support. Starts with /public.
Not encrypted. No metadata. Represented simply as /p to be nice and short when creating public URLs like /p/path/to/file.img. It does not support versioning, use the Public or Private trees for that.
Encrypted. Structured so that file metadata as well as contents are obscured. Starts with /private.
More about roots. Learn more about roots in the Fission whitepaper.
Can I use my file system in a web worker? Yes, but depending on which type of session you want you may need to adjust your setup. To be more specific, when working without capabilities you can just create a program in your web worker. But when working with capabilities, it'll depend on how your chosen capabilities flow works. In the case of the current Fission auth lobby, access to the window object is needed when requesting capabilties, so that'll need to happen on the UI/main thread.
Feel free to reach out on our Discord if you need help.
Since the file system may evolve over time, a "version" is associated with each node in the file system (tracked with semver).
Instructions for DNS and domain registrar settings to use a custom domain with Fission
Every Fission App gets a free subdomain.
Currently, these look like YOURUSERNAME.fission.name, but we're migrating to user accounts and attached apps, where every app has YOURAPPNAME.fission.app.
To use a custom domain of your own, like YOURAPPDOMAIN.com, you need to make some changes to DNS. There are two methods detailed in the following pages:
Fission Hosted DNS - move your nameservers to Fission, we automate everything
Control your own DNS - create a CNAME and TXT record and point them at Fission services
Note: custom domains currently require manual confirmation by us. This will be integrated directly into the Fission CLI and be fully automated. For now, contact us on our support page if you want to use this feature.
Fission Platform APIs
The webnative platform API provides methods to work with Fission apps.
The platform API makes it possible to manage user apps and, combined with the webnative filesystem methods, create and manage apps entirely from the browser.
Yes, you can build an app, that creates apps on behalf of the user! This is a way for developers to make use of the Fission Platform to build their own MicroSaaS business, including custom domains and other features for their users.
The API methods are prefixed with apps.
apps.index: A list of all of your apps and their associated domain names
apps.create: Creates a new app, assigns an initial subdomain, and sets an asset placeholder
apps.publish: Publish a new app version
apps.deleteByDomain: Destroy an app identified by domain
Apps that use the platform API must request permission to work with a user's apps. Permissions are requested when a user signs in through the Fission Auth Lobby. See the requesting capabilities guide for more on requesting permissions.
Platform API permissions are requested at permissions.platform.apps in the configuration object.
The value at permissions.platform.apps can be
"*": Grant complete app management access for all of the user's apps
An array of domain names, e.g. [ "an-app.fission.app", "another-app.fission.app" ]: Grant permission to manage specific apps. Those apps can be published or deleted.
These app function are a bit more low level than your usual Webnative functions. This is because these functions are specifically for the Fission architecture, while the rest of Webnative is not. We'll need two things to get started, the endpoints and the dependencies:
apps.index
Lists all user apps and their associated domain names.
Required permissions: { platform: { apps: "*" } } full app management permissions
Params: No parameters
Returns: App[] with the domain names, creation and modification times for each app
Example:
apps.create
Creates a new app, assigns an initial subdomain, and publishes a placeholder site.
Required permissions: { platform: { apps: "*" } } full app management permissions
Params:
subdomain: string | null optional, set to null to generate a name
Returns: { domain: string } the subdomain of the newly created app
Example:
apps.publish
Publishes a new app version by IPFS CID. If the app does not exist yet, create the app first with apps.create.
Required permissions: Needs either permission for the app domain or full app management permissions. See Permissions.
Params:
domain: string required
cid: CID required
Returns: Nothing returned
Example:
Retrieving the CID depends on where you have staged the app code. One convenient way to do this is to publish the app's HTML, CSS, JavaScript, and assets to a public directory in WNFS and retrieve the CID of that directory.
apps.deleteByDomain
Delete an app by domain.
Required permissions: Needs either permission for the app domain or full app management permissions. See Permissions.
Params:
url: string required
Returns: Nothing returned
Example:
Migration guides for new versions of the webnative SDK
Some versions of Webnative require apps to migrate their codebase to address breaking changes. Versions with changes are listed below.
This version of Webnative is a major rewrite. Most apps will only need to update their initialization, permission request, and registration code to use the new APIs.
In previous versions, Webnative was initialized using the initialise or app functions that returned a state object:
In Webnative 0.35, Webnative is initialized by creating namespaced programs and creating sessions.
Initialize a program with permissions when your app requests capability from the Fission Auth Lobby.
Apps with root authority initialize without permissions and use authentication strategies to register users and create sessions:
In both cases, the program will have an authenticated session at initialization when a user returns for another visit.
See the Initialization, Session, Requesting Capabilities, and Authentication Strategies sections for more details on the new APIs.
Webnative 0.35 also updates the file system interface so that only Uint8Array can be written to and read from WNFS. If you are storing strings or other types of data, you will need to convert them Uint8Array before writes and convert them from Uint8Array on reads.
For example, writing a string to a file and later reading it looks like this:
Please review the CHANGELOG for an overview of the other changes in this version.
The publicReadKey function in keystore-idb was renamed topublicExchangeKey.
Most users will not need to change anything for webnative 0.28.0, unless they are interacting directly with keystore-idb.
The type of App returned app.index has changed. Previously, the return type was
In Webnative 0.27.0, the the return type is
The domain for the app is now in the domains array.
The URL for loading webnative from UNPKG has changed. In Webnative 0.26.0, Webnative was available as index.min.js.
We found that some projects needed the UMD build and brought it back in Webnative 0.26.1. We have replaced index.min.js with index.umd.min.js.
The URL for loading webnative from UNPKG has changed. In previous versions, Webnative was available as index.umd.js.
In Webnative 0.26, Webnative is available as index.min.js.
The way paths are used throughout the Webnative and filesystem APIs has changed.
In earlier versions of Webnative, API calls expected UNIX style paths.
In Webnative 0.24, paths are created by path helper functions for files and directories.
The docs for the previous API remain available for reference.
This guide is versioned by Fission CLI/Webnative SDK versions. You can switch versions at the top left of the UI above the Overview to match the CLI or SDK version you are using.
The Latest version represents all versions newer than the last numbered version. We add a new guide version when a breaking change occurs in the CLI or Webnative
Use Fission's name servers and we'll automate DNS and domain updates
We can take care of this for you by hosting your DNS for you. This means changing your name servers to the Fission ones. Below are guides for some DNS providers.
ns1.fission.systems
ns2.fission.systems
ns3.fission.systems
ns4.fission.systems
Once this is completed, we'll confirm it and handle any other updates needed automatically.
Go to the domain you want to host on Fission in your Namecheap admin:
Where it says "Namecheap BasicDNS", select "Custom DNS" from the drop down:
Enter in ns1.fission.systems and ns2.fission.systems and click the green check mark to save.
Use a custom domain with Fission and keep control of your DNS
By adding a TXT record for your app and a CNAME pointing at our gateway, you can run your DNS elsewhere but still have a custom domain for your Fission app.
For your domain, YOURAPPDOMAIN.com, go into your DNS provider control panel and add a CNAME pointing to ipfs.runfission.com.
@ usually represents the "root" or domain apex. Some DNS providers don't support a CNAME for your root, so you'll need to add a CNAME for www instead.
The process for a subdomain is the same SUB.YOURAPPDOMAIN.com, but looks a little different. Go into your DNS provider control panel and add a CNAME pointing to ipfs.runfission.com.
Next, add a TXT record pointing to your app subdomain. Your APPNAME is created when you run fission app register, and will look something like junior-angular-tulip . We're creating a link to say that the content from your app should be served up your domain with a special dnslink record:
Subdomains function the same way, with the _dnslink subdomain, where you're adding the TXT record being "above" the SUB.YOURDOMAIN.com record, which looks like this:
This process is not fully automated right now, so you'll need to send us an email support@fission.codes or drop by our support page to send us a chat, and we can get things setup on our end.
Fission logos and badges for use in your apps
Fission logos and badges are copyrighted by our company, Fission Internet Software. Feel free to use them in apps that use our software or when linking to us.
Please do not modify these logos or brands. Let us know if you need another format for your use case.
Basic example of how to make a UCAN. Note that the issuer always has to be your DID, because the UCAN will be signed with your private key.
By using Cloudflare as your DNS provider and their , you can deploy on Fission but have your content be served by Cloudflare. This will let you use custom domains with your Fission apps while we work to automate the process fully on the platform.
For your domain, YOURAPPDOMAIN.com, go into your DNS provider control panel and add a CNAME pointing to cloudflare-ipfs.com.
Since your domain is already hosted with Cloudflare, there's no step two: they'll add SSL support to it automatically, and turn off proxying.
Now, add a TXT record pointing to your app subdomain. Your APPNAME is created when you run fission app register, and will look something like junior-angular-tulip . We're creating a link to say that the content from that app should be served up at your domain with a special dnslink record:
That's it, you're done!
Whenever you publish a new version of your Fission app, we update the hash that this special record points to. When you go to YOURAPPDOMAIN.com, Cloudflare's gateway looks up this _dnslink record, checks the ipns record, gets the hash, and fetches the content from the global IPFS network. This might even be from your computer directly.
When we initially tested this, the Cloudflare gateway was caching for up to 6 hours. It seems to only take a few minutes at most to show updated content now, but it won't be instant like using Fission directly.
Code and app examples for developers to learn Fission, as well as to use as a base to build their own apps.
We're developing a series of example apps, base templates, and code examples to help you get up to speed in building Fission-powered apps. The is also a great place to look for inspiration.
The Quotes app is a simple app written in Elm. It features Fission login, and stores quotes data in your personal storage.
Try it live at
Browse the source on Github
Fission Drive is maintained by the Fission team and included with every Fission account. It lets you work with all of the files in your account's file system.
Read more about
Login at
Browse the source on Github
, and also teaches you about using WebAssembly.
Photo Gallery
An introduction to storing WASM modules in web native storage
In this guide, we will show how to store WebAssembly modules in Fission web native storage. Our goal will be to store a WASM module and execute it at a later time.
The code in this guide is available in the repository and the example is published at .
We have compiled an add function from C to a WASM module.
Our example app will make a GET request for add.wasm and store it in web native storage. We will list the contents of the directory where the module is stored to confirm it is there. Finally, we will load the module from storage and add some numbers!
Our example uses some helper functions to add interactivity. We won't cover calls to dom.reveal(), dom.hide(), or dom.updateFirstChild(). If you would like to see what these do, please take a look at the code in the repository.
At the moment, this example will not work in webKit iOS or Safari macOS browsers. If you are familiar with WebAssembly in these browsers, we would love some help with this! See the issue for more details.
Before we can store a WASM module, we need to initialize webnative and ask the user for permission to use their web native file system. This example asks for permission to use app storage and uses fs as an alias for the file system after we initialize.
We pass fissionInit to webnative and get back a state that tells us if the user has authenticated or not.
In the AuthSucceeded and Continuation cases, the user gave our app permission to use their file system. Otherwise, they have not been asked or they declined.
The user may have already stored add.wasm and used it to add numbers on a previous visit, so we check and display a stored result if we have one.
If the user has not authenticated, we show them a Sign In button that will redirect them to the Fission auth lobby.
After authentication, we are ready to request add.wasm and store it in web native storage.
We fetch add.wasm and stream the Response into an ArrayBuffer. It will be stored as a Blob in app storage at the path wasm/math/add.wasm.
We prepare a path and blob, write the blob to the local file system, and publish it to the user's wider file system across the web. After we publish, the module is available on any device where the user has set up web native storage.
Next, we can check to make sure the module has been saved in storage.
This time we prepare a wasm/math path for the directory and call fs.ls to list its contents. We take each entry in the directory listing and append its metadata to a table.
Each entry has a name, size (in bytes), last modified time, and a flag indicating whether it is a file or directory.
The module is in storage and we are ready to use it! Each time a user submits lhs and rhs numbers, we load add.wasm and add their numbers.
After some input validation, we prepare the wasm/math/add.wasm path, make sure a module exists at that path, and read it into a buffer. We instantiate the WASM module and call the add function off it.
Earlier we mentioned that storing the module makes it available across the web. Why not do the same for our result? We store the result at the path results/add, and now both the module and the last result are available on any device!
We can delete the module and result from storage to reset our example.
We prepare paths for the module and result and use fs.rm to delete them. Lastly, we publish the deletion to remove them from the wider file system.
Storing WASM modules and results means you only need to request a module or perform a computation once. The web native file system will sync modules and results across user devices automatically. This opens up many opportunities to simplify your applications and sync app data across user devices.
Reading this guide gives you a taste of how this all works, but extending this example will take you much further! Here are a couple of suggested exercises that will help you to get started with web native.
Distributed addition. How about instead of overwriting the result of an addition, we keep a running total across devices?
Build a calculator. A bit more ambitious, but a calculator app that stores state across devices would be so cool!
Add a subtraction operation. We have done addition, adding subtraction would be an easy first step. See for help with compiling WASM modules.
Record
Type
Value
@ (root)
CNAME
ipfs.runfission.com
Record
Type
Value
SUB
CNAME
ipfs.runfission.com
Record
Type
Value
_dnslink
TXT
dnslink=/ipns/APPNAME.fission.app
Record
Type
Value
_dnslink.SUB
TXT
dnslink=/ipns/APPNAME.fission.app
Record | Type | Value |
_dnslink | TXT | |
Desktop and mobile browser support
We are committed to making Web Native and the Fission platform work on desktop and mobile browsers without plugins. This is the list of browsers we aim to support.
Alternative browsers (e.g. Brave, Microsoft Edge) are supported on a best effort basis.
Gmail's guidance on browsers they support states "works best in the newest and last prior version of these browsers", which is also what we'll be aiming for.
Chrome
Firefox
Safari
Chrome
Firefox
Chrome
Firefox
Embedded Webviews in apps may or may not work, as it does differ from Safari.
Fission relies on modern browser API features
Web Cryptography API https://www.w3.org/TR/WebCryptoAPI/
Fission's approach to providing and working with web native building blocks
The foundation of powerful digital applications roughly include three primary building blocks: compute, storage, and identity. Fission's approach is to make use of these building blocks, make them easier to use for developers, and to develop strong default capabilities in each of these areas.
The Fission White Paper can be read for a more technical, specification-style version of our vision and roadmap, including direct links to various sections:
Additional reading and presentations are also available:
User Controlled Authorization Network (UCAN), Auth without a Backend blog post
Presentation to the Berlin Functional Programming Meetup June 2020, A Universal Hostless Substrate: Full Stack Web Apps Without a Backend, and More!
Web Native File System Technical Design Overview, Aug 2020 slide deck and recorded video presentation
Web browsers run on your local desktop, laptop, or mobile device, and use local computer processing unit (CPU) to do work -- to compute things. Your machine provides the work to run apps in your browser. Simple web pages use the browser's built in HTML and CSS capabilities. But many web pages are full blown "apps" that are highly interactive, with a rich user interface (UI). These are typically powered by JavaScript, a programming language that runs in your browser, and uses your local compute.
Web Assembly is a fourth compute environment has been standardized for browsers. It can compute apps that are originally written in many different programming languages, not just JavaScript. We are just starting to see powerful Web Assembly apps being built, like Figma, which provides a PhotoShop-like experience in your web browser.
Fission intends to support Web Assembly, and make it easier to build, host, and scale web native apps that include Web Assembly.
When people think about owning their data, this often reveals that they feel comfortable when they can see and browse the files that an app uses or creates, rather than having to request an export, or not even have access to their data at all.
At Fission, we started by designing a file system that is available to both developers who want to build and host apps, and the people who use these apps.
We have designed what we call Web Native File System, pronounced and written as WinFS. It is built on top of other open protocols, including the InterPlanetary File System (IPFS).
We intend to design and share the WinFS specification in the open, and contribute it as an open standard, with open source implementations that anyone can use.
WinFS is designed to provide an experience like an open source iCloud: available and synchronized across all devices and provide both public and private, encrypted files.
Implementing a login, authentication, and authorization system is challenging to do securely, especially while respecting user privacy, providing end to end encryption, and otherwise balancing ease of use for both developers and customers.
For developers, we wanted to provide a built in way to include logins and authentication without having to struggle to implement it.
For everyone, we wanted it to be easy to login securely, without having to remember passwords, and make that login available on all of their devices.
We built on top of the emerging Decentralized Identifiers (DIDs), which is a working draft of the W3C standards body.
We then designed the User Controlled Authorization Network (UCAN): a way of doing authorization where users are fully in control.
With UCAN, we based it on top of the developer friendly JSON Web Tokens (JWTs) standard, plus Google's Macaroons research paper for more distributed systems.
We combine all of this in the webnative SDK for developers and the Fission platform for app users. In browsers, we use the Web Cryptography API, a W3C standard. The MDN Web Docs include further reading »
We intend to work with existing and emerging authorization and identity standards bodies to contribute our work as open standards.
The Introduction to Web Native Apps post on our blog covers a lot of the same material from a conceptual point of view.
We are inspired by the work of the Ink & Switch research lab, especially their April 2019 publication on Local First Software, which includes their Seven Ideals for local-first Software:
No spinners: your work at your fingertips
Your work is not trapped on one device
The network is optional
Seamless collaboration with your colleagues
The Long Now
Security and privacy by default
You retain ultimate ownership and control
Record | Type | Value |
@ | CNAME |
|
Interplanetary Fission IPFS - Fission Web API as an Heroku Add-on
The Fission Web API is available as a Heroku Add-on. Find it in the Heroku Add-Ons Marketplace. It is currently in a free beta mode with a "test" plan.
As with all Heroku add-ons, you can also create a new add-on locally using the Heroku CLI tool:
If you create the add-on through the Heroku dashboard, you can find your API credentials in the Settings section of your app, under the Config Vars heading:
These can also be used in your local environment by creating an .env file.
The Heroku Add-on uses the Web API, appropriate for server side apps written in any language that Heroku supports. You can browse the live docs of the Fission Web API at runfission.com/docs, or look at our Github repo to find a client SDK for your programming language.
A particularly good use case for using our Fission IPFS add-on is to combine it with setting up your application in a "Deploy to Heroku" mode.
This means adding an app.json file and a few other settings that tell Heroku what add-ons and environment variables your application needs. You can find out more how to set this up in Heroku's documentation.
We built an IPFS Storage Adapter for the Ghost blogging platform, and bundled it together with Deploy to Heroku and the Fission Heroku Add On. You can get started on the hobby tier by clicking the Deploy to Heroku button on Github:
Troubleshooting, work arounds, and known issues.
To check the setup of your DNS for Custom Domains, you can run this dig command:
The "short" option is still pretty long! We're just looking for the ANSWER section:
You can also check records online using the very handy dnsrecords.io. See this example for _dnslink.bmannconsulting.com which just shows us the TXT record we're looking for:
We've had a report with uploading large numbers of files using ipfs-deploy with Fission support that you may need to increase the number of open files that your operating system supports. This could also occur with fission watch.
For ubuntu, read underyx's article to increase the number of open files allowed.
For Mac OS, Wilson Mar has a one liner:
As described in the article, you'll want to add it to your bash or other shell profile so this change is permanent.
On a Chromebook in the native ChromeOS shell? Yeah, Boris hit this issue too when running large jekyll or gatsby builds:
We've had some hiccups with our brew formula recently. To re-install / reset brew, run the following:
Now re-run the installation instructions, copied here for convenience:
Note: we changed from fission-suite to fission-codes, so you'll need to follow the steps above to get on the new packages.
This is related to issue #37.
If you want to see what the Fission CLI is doing under the covers, you can turn on DEBUG mode by calling commands like this:
You'll see that fission up calls your locally installed ipfs command to add files to IPFS. We can see that it's using the 0.4.22 version of ipfs, installed using Homebrew in the "Cellar" where brew keeps installed items.
Then, it sends the hash of the entire directory to our web API, which pins it and fetches the files directly from your laptop and any other IPFS nodes that already have copies of those files in the network.
In this case, we can see that after the "Remote pinning Qm…", there is a 504 Gateway Time-out error from our server. This is a known issue, which we're working on to support large files / large quantities of files.
The --verbose flag can be run on most commands these days. See the CLI docs for working with apps for more info.
The fission CLI installs a managed IPFS node. It runs on port 10235.
