feat: ADR-036: Arbitrary Message Signature Specification #7896
Conversation
Co-authored-by: Robert Zaremba <robert@zaremba.ch>
Co-authored-by: Robert Zaremba <robert@zaremba.ch>
Co-authored-by: Robert Zaremba <robert@zaremba.ch>
…i/signature-adr # Conflicts: # docs/architecture/adr-036-arbitrary-signature.md
Co-authored-by: Robert Zaremba <robert@zaremba.ch>
|
closing due to staleness. Once the sdk team has dev cycles or a contributor is willing to complete this we can reopen it. Please do not reopen if there is not a plan to completion |
|
@marbar3778 I can pick up this PR. May you re-open it? Will work on it starting on Monday |
|
Are you able to push to this branch or want to open a new pr? |
|
@marbar3778 Oh yeah I don't have write permissions to the repo. I think the only way for me is to open a new PR. It would be a shame to loose all the history though 🤔 |
|
@RiccardoM you should be able to push here now |
…mplement-adr-034 � Conflicts: � go.sum
|
May I get one review from @robert-zaremba @webmaster128 please? I think there isn't much more work to be done in order to close this honestly |
| @@ -0,0 +1,74 @@ | |||
| package adr038 | |||
|
Thank you @RiccardoM for helping getting this over the finish line! @aaronc expressed some concern during the triage call that was received from upstream SDK consumers:
Do you have an idea of how far off line we are with respect to EIP-4361 or if the concern is even valid? We can still get this merged, but I want to make sure we cover all bases, or least as many as possible to make this feature as viable as possible for clients. |
|
would love @zmanian input on the above as well |
|
I've noticed the spec contains:
But the rules contained in that same section do not specify what the value for |
|
for eip-4361 type applications, the nonce is server provided vs the on chain sequence number. So the nonce would be set in the challenge |
|
converted to draft for now. |
I am one of the people that @aaronc references as an "upstream SDK consumer" with concerns about the text of this ADR. Our specific use-case is where an ordinary (not web3) "website" which may or may not also be connected to a blockchain, may wish to accept a wallet-based authentication (see Keplr/Commonwealth for example). In this case, I'd like the rules to make it easier for the wallet user to understand what is going on, and also allow for the possibility of the transaction being put on-chain, and perhaps not on a chain already known to the user (keplr allows the server to propose chain parameters for a new key to be created, linked to a new chain unknown to the wallet, for example). So, for example: "The transaction for signing MUST contain a human-readable memo conforming to these general rules" (note: EIP 4361 gives an actual template) The security parameters (e.g. nonce and timestamp) MUST be specified, and ideally it should be possible to verify the requester's signature over these fields, to ensure the signature is a valid request for the recipient. |
|
closing in favour of an issue for now |
Description
tentative implementation for #7727
also there's an example implementation of a rest API that does signing and verification off offline messages with postman's collection for testing: https://github.com/fdymylja/adr036-example/blob/master/main.go
Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.
docs/) or specification (x/<module>/spec/)godoccomments.Unreleasedsection inCHANGELOG.mdFiles changedin the Github PR explorerCodecov Reportin the comment section below once CI passes