Skip to content

[P-1139] [P-1130] [P-1138] Add detect_wallet action, refactor identify function #56

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 14, 2025
Merged

[P-1139] [P-1130] [P-1138] Add detect_wallet action, refactor identify function #56

merged 1 commit into from
Apr 14, 2025

Conversation

@TamHuynhTee
Copy link
Collaborator

No description provided.

@linear
Copy link

linear bot commented Apr 10, 2025

P-1139 session.isIdentified check does not handle multiple identify calls in the same session

Currently the session is identified after the first identify(0xA) call.

What happens if in the same session there are are multiple identify calls:

  • identify(0xA)
  • identify(0xB)

Will the second call be skipped?

  /**
   * Emits an identify event with current wallet address.
   * param {Address} params.address
   * returns {Promise<void>}
   */
  public async identify({
    address,
    providerName,
    rdns,
  }: {
    address: Address | null;
    providerName?: string;
    rdns?: string;
  }): Promise<void> {
    if (this.session.isIdentified())
      return logger.warn("Identify: Wallet already identified in this session");

    this.session.identify();
    await this.trackEvent(Event.IDENTIFY, {
      address,
      providerName,
      rdns,
    });
  }

P-1130 Event seconds are not recorded in Tinybird causing unexpected event order

All the events seem to have 00 seconds:

Screenshot 2025-04-08 at 18.54.44.png

This can result in an unexpected order of events:

https://app.formo.so/teams/94f54b87-0209-4411-90dc-0e24a186c729/projects/formo.so/profiles/0x94b305f3c18232799333cb6dc3d0b6f8ad8f4fd9

For this user we get the following events:

Screenshot 2025-04-04 at 13.38.37.png

The order is unexpected: why is disconnected wallet before connected wallet? Check if the disconnected wallet event has the same or older timestamp than the identified and connected wallet event

Show event seconds in the activity feed "10:44:15 PM"

Screenshot 2025-04-08 at 18.56.00.png

P-1138 Privacy: Replace identifyAll with detect wallet, add detect event, Remove automatic GET /user call

Currently we call identifyAll() in init() but this is illegal apparently.

🚫 Most analytics tools do NOT automatically call identify() on page visit

// Automatically resolving from backend or cookie without consent
analytics.identify(userId); // 👎 Not safe if user hasn’t logged in

If you auto-identify users (GET /user) without login the moment someone connects a wallet (or even worse, when they visit), you could:

  • De-anonymize someone without consent
  • Violate GDPR/CCPA if you're tying public address → private profile
  • Expose someone’s full profile in the network tab

So, until you call identify(userId) manually (typically after login/signup), the user is tracked anonymously.

✅ TL;DR:

  • Most tools do NOT call identify() automatically
  • They DO track anonymous activity with a unique, persistent anonymous ID
  • You must manually call identify(userId) once the user logs in or signs up

Preferred flow:

// 1. User connects wallet
const address = "0x123...abc";

// 2. Verify ownership (e.g., connect wallet, sign message, SIWE)
const verified = await siweLogin(address);

// 3. Fetch backend-issued user ID
const user = await fetch(`/user?address=${address}`, {
  headers: { Authorization: `Bearer ${verified.token}` }
});

// 4. Identify using stable user ID
analytics.identify(user.userId, {
  address,
  ens: user.ens,
});

yosriady
yosriady requested changes Apr 10, 2025
View reviewed changes
src/FormoAnalytics.ts
}
}

// TODO: Refactoring => public this function as API
Copy link
Contributor

@yosriady yosriady Apr 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For this, I'd like users to be able to call this after the install snippet (even right after initialization):

<script>
window.formo.identify()
</script>

The above should trigger the old identifyAll() behaviour

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will refactor this in https://linear.app/getformo/issue/P-1056/refactor-sdk-following-rudderstackjitsu-best-practices

@TamHuynhTee TamHuynhTee force-pushed the feature/detect-wallet branch from a2710ef to ce105b4 Compare April 14, 2025 02:47
@TamHuynhTee TamHuynhTee requested a review from yosriady April 14, 2025 02:48
@yosriady yosriady merged commit ac1f65c into main Apr 14, 2025
2 checks passed
@yosriady yosriady deleted the feature/detect-wallet branch April 14, 2025 08:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yosriady yosriady yosriady approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@TamHuynhTee @yosriady