Connecting Phantom to a Web App Changed How I Think About "Login"

Tanisha fonseca — Tue, 28 Apr 2026 01:05:30 +0000

On Day 4 of #100DaysOfSolana, I built a small Vite app that connects to a browser wallet. The feature itself is maybe 30 lines of code. The mindset shift it triggered is harder to measure.

What I Built

A minimal web app that:

Detects installed wallets using getWallets() from @wallet-standard/app
Filters for Solana-compatible wallets by checking wallet.chains
Prompts Phantom to connect with one button click
Displays the connected address and devnet balance

import { getWallets } from "@wallet-standard/app";

const { get } = getWallets();
const solanaWallets = get().filter(wallet =>
  wallet.chains.some(chain => chain.startsWith("solana:"))
);

No API keys. No backend. No session management. The wallet handles all of it.

What Surprised Me

In Web2, "Sign in with Google" feels like a convenience feature, you're still handing your identity to Google, who hands a token to the app. The app trusts Google. You trust Google. Everything flows through Google.

With Phantom, the app never sees your private key. It never talks to a central auth server. It sends a connection request to your wallet extension, which prompts you to approve it. If you approve, the app gets your public address, nothing more. Every subsequent action that needs your signature goes through the same approval flow.

The trust model is completely inverted. The app doesn't authenticate you. You authenticate yourself, and the app just observes the result.

"Sign in with Phantom" isn't "Sign in with Google for Web3." It's closer to showing your passport, the app sees proof of who you are, but it never holds the passport.

What's Next

Week 2 is about writing transactions and moving tokens on-chain. I'm looking forward to seeing how that signing flow works end-to-end from the user clicking a button, to Phantom prompting for approval, to the transaction landing on devnet.

If you're following along, drop your wallet setup experience below. Did anything about the browser wallet model surprise you?

Part of my #100DaysOfSolana journey.

You Already Understand Solana Identity: You Just Don't Know It Yet

Tanisha fonseca — Tue, 28 Apr 2026 00:59:53 +0000

A Web2 developer's guide to on-chain identity, from SSH keys to self-sovereignty

Let me tell you about the moment it clicked for me.

I was on day three of learning Solana, staring at a terminal that had just printed a 44-character string: my new wallet address. I ran one function, and suddenly I existed on a global, permissionless network.

That felt like magic. But it's not magic. It's math you've already worked with before.

The SSH Key You've Been Using Without Realizing It

If you've ever set up a GitHub account with SSH access, you've done this:

ssh-keygen -t ed25519 -C "your_email@example.com"

That command creates two files: a private key (which you protect carefully) and a public key (which you paste into GitHub). GitHub stores your public key. When you git push, your computer signs the request with your private key, GitHub verifies it with the public key you gave them, and you're authenticated no password needed.

Solana identity works on the exact same algorithm. Ed25519. Two keys, one pair.

The difference? On Solana, there's no GitHub in the middle. You don't give your public key to anyone. You broadcast it to a network of thousands of validators, and your identity is established by mathematical proof alone. The "server" that recognizes your key is the entire Solana blockchain.

import { generateKeyPairSigner } from "@solana/kit";
const wallet = await generateKeyPairSigner();
console.log(wallet.address); // Your address

One function call. No server. No company. You just created a valid identity on a global financial network, entirely offline if you wanted to.

Your Username Lives in Someone Else's Database

Here's a thought experiment: open Twitter, GitHub, and your bank in three browser tabs.

In each one, there's a record in a database somewhere that says "this email + this password = this user." That's your identity. And here's the uncomfortable truth: it's not really yours. It's theirs. They let you use it.

Twitter can ban your account. Your followers, your handle, your history — gone.
GitHub can suspend your repositories.
Your bank can freeze your funds pending review.

These aren't hypothetical edge cases. They happen regularly. The companies aren't necessarily being malicious they're following their own rules, regulations, or algorithms. But the point stands: you have access because they allow it, not because you cryptographically own anything.

A Solana address is different at a fundamental level. It looks like this:

14grJpemFaf88c8tiVb77W7TYg2W3ir6pfkKz3YjhhZ5

That 44-character string (a 32-byte Ed25519 public key encoded in Base58) is your identity. Not a pointer to a record in a database ,the identity itself. The Base58 encoding is a thoughtful detail: it deliberately excludes characters like 0, O, I, and l that look similar in most fonts, because humans are the ones copying and pasting these addresses.

And ownership of everything associated with that address is proven by one thing only: possession of the corresponding private key. There is no admin panel that can override this. There is no customer support workflow. No one can reset your account because there is no account, there's a cryptographic relationship between a public and private key.

What This Unlocks

At this point, a reasonable Web2 developer might say: "Okay, so it's a decentralized username. Cool, I guess."

But on-chain identity isn't a replacement for usernames. It's a foundation that enables things that simply aren't possible in Web2 without enormous coordination overhead.

Token ownership is the obvious one. When you hold SOL or a token in your wallet, you hold it directly. There's no custodian, no brokerage, no settlement delay. The network's state says your address owns those tokens, and only your private key can authorize moving them.

Program interactions work the same way. Every time you interact with a Solana program (think: a smart contract, a DeFi protocol, an NFT marketplace), you sign the transaction with your private key. The program knows exactly who called it. There are no sessions, no cookies, no JWT tokens to steal.

Governance becomes meaningful. When a DAO votes on a proposal, each vote is a signed transaction. You can verify on-chain that exactly the right addresses cast exactly the right votes, and that no one voted twice. The auditability is free and automatic.

Reputation is portable. In Web2, your reputation on GitHub doesn't follow you to LinkedIn, which doesn't follow you to Twitter. On Solana, your address accumulates history everywhere, every protocol you've used, every NFT you've minted, every DAO you've participated in — and it's all publicly readable by anyone building on the network.

The Tradeoff Worth Naming

None of this is free. The tradeoff for removing the middleman is that you are now responsible for your private key.

In Web2, "I forgot my password" is a solvable problem. There's a reset flow, a support ticket, a backup email. On Solana, if you lose your private key and your seed phrase, your funds are gone. The network isn't being cruel it genuinely cannot help you, because there's no back door to an account that doesn't exist as a record in anyone's database.

This is why wallet UX matters so much. Browser extensions like Phantom and Solflare exist to manage this complexity, they store your private key encrypted behind a password, derive it from a human-readable seed phrase, and let you sign transactions without ever exposing the raw key to the applications you use. Hardware wallets go further, keeping the key inside a physical device that never lets it leave.

The underlying math is the same everywhere. The security model just shifts where you place your trust: in a company's servers, or in your own custody of a string of words.

A Week In

Seven days ago, I couldn't generate a keypair without following a tutorial. Now I understand that a Solana address isn't some exotic blockchain thing it's an Ed25519 public key, the same algorithm your SSH config uses, deployed on a global network instead of a single server.

The cryptography didn't change. What changed is the architecture around it: no central authority, no database, no company that can revoke your access. Just math, validators, and the private key only you hold.

That, I think, is what "decentralized identity" actually means not a buzzword, but a very specific shift in who controls the proof of ownership.

And it started with one function call that printed 44 characters to my terminal.

This post is part of my #100DaysOfSolana series. Follow along as I go from zero to building on Solana, one day at a time.

100daysofsolana solana web3 blockchain beginners*

DEV Community: Tanisha fonseca