Chain Agnostic Provider Handshake #25
Conversation
There was a problem hiding this comment.
<editor_mode>
Thanks for the PR. Formally it is good - so I approve it and am happy to merge.
</editor_mode>
<user_mode>
Not really happy about the wording "authenticate". Wikipedia says about authentication:
is the act of proving an assertion, such as the identity of a computer system user.
and I do not see any proving of assertion here. Maybe something like handshake could be a better name here?
Also maybe we should not reduce the answer to yes or no. An alternative I imagine could be that the client requests a set of chains and functions and the response could be a subset of functions/chains and accounts. (just thinking out loud here as I think there could be cases where functions or chains could be optional)
</user_mode>
Agreed... I wasn't also very happy with the wording "authenticate" since there isn't an actual signature being returned either to verify account ownership or to authenticate the set of methods requested. Suggested replacements: andshake, disclosure, connection, agreement, initialization
Technically there are multiple error messages to describe the reason for rejecting this method. However my reasoning for not allowing a partial approval is to provide a clear intent of the dapp requirements In theory a dapp would strictly need these methods to provide complete functionality of its application. However we could provide a partial approval with the potential of requesting methods later on with a second method. Im not a huge fan of this approach but Im open for discussing it in more detail |
I think we should go with handshake as stated in the first comment
ack - let's do this in a subsequent CAIP to keep things simple in the beginning - should also cover most paths let's just say all chains and methods here are mandatory. Later on we can e.g. add the parameters optional_chains and optional_methods so dApps can handshake on and probe for optional chains and methods |
|
Alright I will rename all "authentication" mentions on this standard proposal to "handshake" |
pedrouid
changed the title
|
Awesome! This is great and totally relates to MetaMask/metamask-extension#1820 -- Didn't even realize this exists when I posted my Question: Should others APIs that are not specified but supported by the chain still be callable, blocked, or should this decision be up to the wallet implementation? E.g. when they specifying What do you think of making this choice explicit e.g. and then
|
|
Yeah exactly. I want the provider to be explicit about the methods it wants to use. One could add That being said I'm not sure if wildcards should be valid unless they are prefixed, eg: |
As a result of the discussion in #24 I've created a new proposal focused on chain agnostic provider authentication