Why Farcaster Doesn't Need OAuth 2.0
OAuth exists to let three separate parties (user → platform → third-party app) establish mutual trust. Farcaster is built on a decentralized architecture that collapses this triangle:
1. Identity & Authentication
- User-owned keys: A user-controlled cryptographic signature proves control of a Farcaster ID, with no intermediary.
- Dev mappings
  - Sign In with X → Sign-in with Farcaster (SIWF)
  - OAuth 2.0 Authorization Flow → Quick Auth
2. Data Access & Permissions
- Open, replicated data: Social data like casts, reactions, and profiles live on Snapchain and can be read by anyone.
- No permission scopes: Everything is already public; you filter what you need instead of requesting scopes.
- Zero-cost reads: Sync the chain yourself or hit a public indexer. No rate caps, no $5k+/month firehoses.
- Cryptographic writes: Users can delegate a key to applications so the applications can write on their behalf.
- Dev mappings
  - Centralized APIs → Snapchain + infra services (e.g. Neynar)
  - Access token → no equivalent, data is public
  - Write permissions → App Keys
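The write-delegation model above, sketched as an added example (not code from the Farcaster project): a verifier accepts a write only if it is signed by a key currently registered for that Farcaster ID. The `KeyRegistry` class, the JSON encoding, and the fid values are assumptions made for illustration; the real protocol has its own message format and key registry.

```javascript
// Simplified model of app-key delegation (added example; not Farcaster's wire format).
const { generateKeyPairSync, sign, verify } = require("node:crypto");

const pem = (key) => key.export({ type: "spki", format: "pem" });

// Hypothetical in-memory stand-in for a key registry: fid -> approved app public keys.
class KeyRegistry {
  constructor() { this.keys = new Map(); }
  add(fid, publicKey) {
    if (!this.keys.has(fid)) this.keys.set(fid, new Set());
    this.keys.get(fid).add(pem(publicKey));
  }
  remove(fid, publicKey) { this.keys.get(fid)?.delete(pem(publicKey)); }
  isAuthorized(fid, publicKey) { return this.keys.get(fid)?.has(pem(publicKey)) ?? false; }
}

// Bytes that get signed. Fixed-order JSON is an assumption made for this example.
const encode = ({ fid, type, text, timestamp }) =>
  Buffer.from(JSON.stringify({ fid, type, text, timestamp }));

// App side: sign a write on the user's behalf with the delegated Ed25519 key.
function signMessage(body, app) {
  return { body, signer: app.publicKey, signature: sign(null, encode(body), app.privateKey) };
}

// Verifier side: the signer must be registered for body.fid right now,
// and the signature must cover exactly these bytes.
function validateWrite(registry, msg) {
  if (!registry.isAuthorized(msg.body.fid, msg.signer)) return "rejected: signer not authorized for fid";
  if (!verify(null, encode(msg.body), msg.signer, msg.signature)) return "rejected: bad signature";
  return "accepted";
}

// Constructed scenario: delegate, write, tamper, claim another fid, then revoke.
function demo() {
  const registry = new KeyRegistry();
  const app = generateKeyPairSync("ed25519");
  registry.add(1234, app.publicKey); // user 1234 approves the app's key
  const cast = signMessage({ fid: 1234, type: "cast", text: "hello", timestamp: 1700000000 }, app);
  const results = {
    valid: validateWrite(registry, cast),
    tampered: validateWrite(registry, { ...cast, body: { ...cast.body, text: "edited" } }),
    wrongFid: validateWrite(registry, signMessage({ ...cast.body, fid: 9999 }, app)),
  };
  registry.remove(1234, app.publicKey); // user revokes the app key
  results.revoked = validateWrite(registry, cast);
  return results;
}
console.log(demo());
```

Because the authorization check reads the registry at validation time, revoking the key invalidates the app's write access without any token expiry or refresh step.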
Builder Takeaways
- Skip OAuth flows—wallet signature = auth.
- Forget permission scopes—use filters.
- Enjoy building permissionlessly.