Forge4Flow provides ecosystem and developer tools for the Flow Blockchain, including Identity and Access Management, Blockchain Event Monitoring, and SDKs to better integrate dApps with the ecosystem.

The problem Forge4Flow solves

Developers face challenges in creating dApps due to issues like user authentication, access control, system monitoring, and third-party integration. Forge4Flow aims to address these problems with a developer infrastructure and tooling platform. We're excited to introduce three tool sets to advance the ecosystem:

Blockchain-based authentication lacks comprehensive user verification, requiring custom solutions for advanced functionalities and role-based access control. Transitioning to a Web3 environment increases the complexity of achieving secure user access control, both within DApps and when interacting with Web2 technologies. Auth4Flow offers a simple, open-source Identity and Access Management platform that simplifies Web3 authentication. It supports various authorization schemes, including RBAC, FGAC, ReBAC, and NFT/FT gated access.

One of the biggest advanges of the Flow Blockchain is it's ability to emmit events from within contracts, thus allowing developers to react to changes as they occur. Unfortuantley tooling in this area has not been widely developed. With Alerts4Flow developers can easily setup Event Monitors to receive alerts in realtime using Websockets or Webhooks.

Ecosystem SDKs:
Lack of mobile resources is a huge factor for their being verry little Web3 Mobile apps. By releases ecosystem SDKs for multiple platofrms we can lower the barrier to entry for new developers. I've scoped several SDKs to target for Swift (iOS).

By providing these tool sets, we aim to empower developers to focus on delivering exceptional user experiences without worrying about complex authentication, access control, and other Web3 challenges.

Check out our Roadmap for what was completed on our main repo README

Challenges I ran into

General Development

  1. Auth4Flow is based of the open source project Warrant. However I was already signifigant into modifing the core application to add blockchain native authentication when I discovered the OSS version does not support scoped session like their cloud version does. This required significant time to develop a session management system for the application.

  2. Since Warrant was only designed for Authorization, the authentication functions needed to be developed from scracth. However, this turned out to be of great benefit as furhter modified the system to support Blockchain Native & Walletless Onboarding authorization flows.

  3. flow-go-sdk

    does not have a function to verify account-proofs, this needed to be reverse engineered from the JS SDK.

Flow Specefic

  1. As Walletless Onboarding is still under active development, it has been extremely difficult to find documentation and resources to make this work. Figuring out how to make this work has required extensive code reviews of various projects.

  2. NFT/FT gated tenants, roles, and permissions required integrations with the NFT Catalog which does not have a Go SDK, it also required creating a script generator to combine the checks into a single scripts. This system need to be optimized to scale better as these checks are currently run each time a new session is created for security reasons but this can lead to poor user expeirence if scripts takes time to query the blockchain and update those values.

  3. Creating an Event Monitor Service that could provide both Websocket feeds as well as securely gate roles, permissions, and other authz object tooks quite some time to get right. Especially so you could add hundreds of monitors and stay within the new API rate limts. While gated access was not completed, WS monitoring is fully supported via the API at this time.

Mobile Specefic

  1. Warrant did not have an SDK for Swift, requiring it to be developed from scatch.