Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

I can't use window.ethereum.disable() and window.ethereum.close(). #10353

Open
liangzai927 opened this issue Feb 3, 2021 · 26 comments
Open

I can't use window.ethereum.disable() and window.ethereum.close(). #10353

liangzai927 opened this issue Feb 3, 2021 · 26 comments

Comments

@liangzai927
Copy link

1612331861(1)
1612332065(1)
Please tell me where is my false. Thanks

@Gudahtt
Copy link
Member

Gudahtt commented Feb 3, 2021

Thanks for the report! Could you explain what you're trying to do? Neither of those two methods exist on our Ethereum provider.

@Gudahtt Gudahtt added the needs-information Needs additional information from the user who reported the issue label Feb 3, 2021
@liangzai927
Copy link
Author

Thanks for the report! Could you explain what you're trying to do? Neither of those two methods exist on our Ethereum provider.

I want the current page to disconnect from MetaMask

@Cristianthor

This comment has been minimized.

@Cristianthor

This comment has been minimized.

@Gudahtt
Copy link
Member

Gudahtt commented Feb 4, 2021

I don't think we support that operation unfortunately. We could consider adding a method like that though.

Why do you want to disconnect? It would help if we understood the purpose.

@liangzai927
Copy link
Author

I don't think we support that operation unfortunately. We could consider adding a method like that though.

Why do you want to disconnect? It would help if we understood the purpose.

We want the user to be able to disconnect from the metaMask on the current page as well, so that the user can only disconnect from the metaMask on the current page instead of locking the metaMask, so that other pages will remain connected to the metaMask. I don't know if I'm making this clear

@Gudahtt
Copy link
Member

Gudahtt commented Feb 5, 2021

Right, that all makes sense. But the motivation is still unclear to me. The dapp will disconnect from MetaMask when the page navigates, and that's sufficient for most dapps. If you don't want to use the MetaMask provider, you can simply ignore it.

Does leaving the connection open have some negative consequence that you're trying to avoid? e.g. do you just not want events to get triggered anymore, or do you want to reduce the amount of postMessage noise, or are you looking to optimize performance, or is it something else?

@Cristianthor

This comment has been minimized.

@liangzai927
Copy link
Author

metamask
How can I realize the disconnection operation in the animation?

@danfinlay
Copy link
Contributor

I've added an issue on rpc-cap to describe one of the internal changes we'd need to make to support this:
https://github.com/MetaMask/rpc-cap/issues/131

@lgrapenthin
Copy link

What if I'm on MetaMask mobile where there isn't even any disconnect functionality provided by MetaMask itself, and want to switch the account I'm using in the dapp. Its impossible.

@Gudahtt
Copy link
Member

Gudahtt commented Jun 21, 2021

On MetaMask Mobile, switching the selected account in the wallet will also switch the account used in-dapp. You should not need to 'disconnect' anything to switch accounts.

@KBKUN024
Copy link

@liangzai927 Now you have the solution yet? I got a same problem,please help!

@whohideonbug
Copy link

@liangzai927 Now you have the solution yet? I got a same problem,please help!

hello , have you already handled the problem? I got the same.

@nalin
Copy link

nalin commented Dec 15, 2021

Right, that all makes sense. But the motivation is still unclear to me. The dapp will disconnect from MetaMask when the page navigates, and that's sufficient for most dapps. If you don't want to use the MetaMask provider, you can simply ignore it.

Does leaving the connection open have some negative consequence that you're trying to avoid? e.g. do you just not want events to get triggered anymore, or do you want to reduce the amount of postMessage noise, or are you looking to optimize performance, or is it something else?

The motivation is using MetaMask directly as an authentication mechanism and close() or disable() would offer functionality similar to a "logout". I don't think that this is an intended use case for MetaMask and web3 providers so maybe some documentation on how to integrate MetaMask with Firebase Auth or other auth frameworks would serve the community well.

@Gudahtt
Copy link
Member

Gudahtt commented Dec 15, 2021

Thanks for the clarification! Connecting with MetaMask does not authenticate the user at all, it just exposes the user's account to the site and enables certain methods to be called. There is no proof that the user is who we say they are, because there's no guarantee that the window.ethereum you are interacting with is MetaMask's provider. It would be trivially easy to write an extension that injected a "fake" provider that pretended to be someone else's account for example, which would let anyone "log in" as anyone else.

Many sites do use the "Log in with MetaMask" pattern, but it needs to include a signature, which your site can verify. The signature is the authentication step. Then "logging out" is throwing the signature away.

You are absolutely right that we should have documentation that describes how to do this. I have created an issue for that here: MetaMask/metamask-docs#318

@nalin
Copy link

nalin commented Dec 15, 2021

@Gudahtt that makes sense. thanks for adding the issue. for anyone wondering how to do this, here is a writeup of how to use metamask with firebase auth:
https://eliteionic.com/tutorials/creating-web3-login-with-ethereum-metamask-firebase-auth/

@tmm
Copy link

tmm commented Jan 12, 2022

This comment on a linked issue seems worth surfacing:

I think this would be a great addition. I understand it may not technically be needed.

However as we try to move dapps towards more traditional web users not having a "log out" like feature/feel could be a barrier to entry. New users to the space may feel uneasy seeing that their wallet can be easily "reconnected" even tho they may have "logged out". I have seen many dapps fake the log out experience which could damage the trust in MetaMask even tho it is not MetaMask fault.

For example, OpenSea (a widely-used app) has a "Log out" button that appears to "disconnect" the account, but upon refreshing the page, you are still connected.

CleanShot.2022-01-12.at.09.49.08.mp4

Developers should take accountability and not build bad experiences like this, however, it seems like there is a good opportunity to help users feel more secure regardless of developers actions.

@Raz-CurveLabs
Copy link

Raz-CurveLabs commented Jan 28, 2022

For me, the need for a disconnect function is psychological.

There's a UX heuristic that states it should be easy for users to undo actions. While true that users can disconnect by opening Metamask and disconnecting from within the wallet, it's not the first place users would look. I think many users will look for a disconnect option around the same place where they connect in the first place. I think the presence of an obvious undo option is in some ways a signal of trust itself. Want to change your mind? Sure, we'll make it easy for you to do. I'm not a fan of Amazon for this very reason. Ever try to cancel your account? It's completely hidden.

I suspect this is why many Dapps provide a disconnect option, even though it's a bit of a placebo. There are many examples of placebo buttons in design, so there is precedence for implementing buttons that solve a psychological need instead of a technical one. Examples of placebo buttons include elevator call buttons and crosswalk buttons.

Beyond that, maybe one 'technical' need could be convenience. Currently, to disconnect from a site, I need to open Metamask, click the connected button, click the three dots icon to display the disconnect option, and finally select the disconnect option. Maybe a solution could be that a disconnect function triggers the wallet to open directly to a confirmation dialog where users can confirm the disconnect with a single click. This would reduce the number of steps from 4 to 2, and if it is triggered from the Dapp UI, it could solve the issue of having an obvious undo option in the UI layer. I mean, a disconnect function exists in the wallet UI, so why not make it easy for the user?

@Brodan
Copy link

Brodan commented Mar 16, 2022

Seconded many of the comments above. I don't like that I can't properly disconnect a site from the front-end. Refreshing only to see that you're still connected via MetaMask is a poor UI. What website do you know that lets you click log-out, only to refresh and see you are still logged in? This UI is begging for mistakes.

In the event of someone connected with multiple accounts, this design could result in someone using the wrong account for something because they thought they previously disconnected one of the accounts.

This seems like it should be a no-brainer to include.

@lm93547
Copy link

lm93547 commented Apr 13, 2022

Seconded many of the comments above. I don't like that I can't properly disconnect a site from the front-end. Refreshing only to see that you're still connected via MetaMask is a poor UI. What website do you know that lets you click log-out, only to refresh and see you are still logged in? This UI is begging for mistakes.

In the event of someone connected with multiple accounts, this design could result in someone using the wrong account for something because they thought they previously disconnected one of the accounts.

This seems like it should be a no-brainer to include.

Agreed. Terrible UX choice.

@vincenzor
Copy link

Currently building a dAPP and I'm struggling to create a simple "Disconnect" button. How does something so obvious need to be discussed so much??

@vicglarson
Copy link

two years for trivial fix. good job.

@ohenepee
Copy link

To add to this UX and user psychological pain-point... now that I know that any disconnect function is just a facade, I'm still struggling on how to prevent users from asking me obvious questions like how do I disconnect my wallet from your dapp. Every word or phrase I can think of has an "obvious" antonym.

Log/Sign In = Log/Sign Out
Connect = Disconnect
Request/Grant Access = Revoke/Deny Access
Use Metamask = an obvious question of "how do I stop using Metamask on your dapp?"

@omarabid
Copy link

omarabid commented Jun 28, 2023

@Gudahtt Properly authenticating users is the sole responsibility of the maintainers of the Web 3.0 Dapps. Metamask is not an authentication mechanism and anyone using as such should hold the full blame. There is no need for you to mention this, write or really care about it.

That being said, the disconnect functionality is cosmetic. As some other commenters put it, instead of having to pull the MetaMask popup and press many buttons, I just go to my profile dropdown and disconnect. This should, in theory, both de-authenticate you (by purging some authentication tokens your service created) AND cancel the the metamask link just for the eyes of the user.

Hopefully, that convinces you to make this change as I spent the last hour trying to figure out why Wagmi was not properly cancelling the connection.

@marcomele
Copy link

@Gudahtt This is a big inconvenient for developers of apps that allow users to connect and manage multiple wallets; not being able to disconnect a wallet from metamask makes it impossible to properly allow control over the user's connections from the application.

We all agree this is not a logout, we are all specifically asking to be able to diconnect the wallet, which is a well understood and already available concept, just not programmatically—it's not like disconnecting is not a thing. And like @omarabid mentioned, going through the extention requires several steps; some of us are actually trying to build for the truly unfamiliar user, so being able to provide something so simple would be great.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests