Jl/caip multichain/caip 25 permission origin #26296

Merged
merged 16 commits into from
Aug 2, 2024

@jiexi jiexi commented Aug 1, 2024

Description

  • Add isMultichainOrigin flag to the CAIP-25 permission
  • Unsure if this should have been added as a separate caveat or not though
  • Consider CAIP-25 permission inapplicable in the multichain flow if isMultichainOrigin is false for the existing authorization
  • Allow all previously implicit permissions in the EIP-1193 flow when there is no CAIP-25 permission, or the CAIP-25 permission has isMultichainOrigin as false
  • Enforce the CAIP-25 permission in the EIP-1193 flow when the CAIP-25 permission has isMultichainOrigin true
  • Set isMultichainOrigin true when CAIP-25 permission is granted as part of the multichain flow via provider_authorize
  • Set isMultichainOrigin false when a CAIP-25 permission is granted (not updated) as part of eth_requestAccounts or wallet_requestPermissions in the EIP-1193 flow

Related issues

See: https://github.com/MetaMask/MetaMask-planning/issues/2922
See: https://github.com/MetaMask/MetaMask-planning/issues/2862

Manual testing steps

  1. Go to this page...

Screenshots/Recordings

Before

After

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
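
The rules listed in the description above, sketched as one decision function. This is an added example, not code from the PR or from MetaMask; the function names, the `flow` labels, the reason strings, the `{ methods: [...] }` scope shape, refusing the request when the permission is inapplicable, and treating a missing flag as false are assumptions, and the sample grants are constructed.

```javascript
// Added illustration, not MetaMask code. Assumed caveat value shape:
// { requiredScopes, optionalScopes, isMultichainOrigin }, where each scopes
// object maps a CAIP-2 id to { methods: [...] } (the inner shape is assumed).
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Enforce the CAIP-25 grant: the method must be listed under the target scope.
function checkScopes(permission, scope, method) {
  const entries = [permission.requiredScopes, permission.optionalScopes]
    .filter((scopes) => scopes && own(scopes, scope))
    .map((scopes) => scopes[scope]);
  if (entries.length === 0) {
    return { allowed: false, reason: 'scope-not-authorized' };
  }
  const listed = entries.some(
    (entry) => Array.isArray(entry.methods) && entry.methods.includes(method),
  );
  return listed
    ? { allowed: true, reason: 'caip25' }
    : { allowed: false, reason: 'method-not-authorized' };
}

// flow is 'eip1193' or 'multichain' (labels assumed for this sketch).
function evaluateRequest({ flow, permission, scope, method }) {
  // Assumption: a missing flag is treated like false.
  const fromMultichain = permission?.isMultichainOrigin === true;
  if (flow === 'eip1193') {
    // No permission, or one granted in the EIP-1193 flow: the previously
    // implicit permissions stay allowed. Otherwise the grant is enforced.
    return fromMultichain
      ? checkScopes(permission, scope, method)
      : { allowed: true, reason: 'implicit-eip1193' };
  }
  // Multichain flow: a grant that did not come from provider_authorize is
  // inapplicable; this sketch assumes the request is then refused.
  return fromMultichain
    ? checkScopes(permission, scope, method)
    : { allowed: false, reason: 'no-multichain-authorization' };
}

// Constructed sample grants.
const sampleMultichainGrant = {
  requiredScopes: { 'eip155:1': { methods: ['eth_sendTransaction'] } },
  optionalScopes: { 'eip155:137': { methods: ['eth_call'] } },
  isMultichainOrigin: true,
};
const sampleEip1193Grant = { ...sampleMultichainGrant, isMultichainOrigin: false };

console.log(evaluateRequest({ flow: 'multichain', permission: sampleEip1193Grant,
  scope: 'eip155:1', method: 'eth_sendTransaction' }));
```

Under these assumptions the same stored grant fails open in the EIP-1193 flow and closed in the multichain flow when the flag is false or absent, which is the asymmetry the flag introduces.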

Contributor

github-actions bot commented Aug 1, 2024

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

Contributor Author

jiexi commented Aug 1, 2024

@metamaskbot update-policies

@metamaskbot
Collaborator

Policies updated

expect(next).toHaveBeenCalled();
});

it('allows the request if the requested scope method is authorized in the wallet scope and the current scope does not exist in the authorization', async () => {
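
Review bot: The case named in this `it(...)` title lets a method authorized only under the wallet scope run against a scope that "does not exist in the authorization", which extends the grant to scopes the authorization never listed. Consider requiring the target scope to be present in the authorization as well, and pair this case with one asserting that `next` is not called when the scope is absent.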
Contributor

oh ok I see. this is an interesting interpretation that we should probably discuss. wallet_watchAsset is authorized in the wallet scope and we're saying it can be used against any other scope in the session. Not saying it's wrong. Hadn't thought about this case tho

Contributor

@adonesky1 adonesky1 Aug 1, 2024

yeah this is a weird one. I remember we talked about this and decided something like either

  • wallet scoped methods should actually contain a list of CAIP-2 scopes that they're authorized to be called with
    or
  • they should be authorized within each scope they will be used with

Contributor

Something to discuss with casa. but what are your thoughts on these options?

Contributor Author

both are a little awkward, but the latter is easier to implement. With this particular method, wallet_watchAsset, it makes more sense to associate it with a specific chain/scope, but that isn't necessarily the case with other wallet_ methods. If we take a look at wallet_swapAssets, it's no longer as obvious what we should do. Does specifying wallet_swapAssets for a scope mean that we can send from, send to, or both? CAIP-25 authorizations do not let us be this specific

Contributor

Yea agreed. This needs further definition. I agree the latter approach is simpler and probably what we should do for now

Contributor Author

addressed 0751af2

Contributor

Asked @bumblefudge about this in CASA discord

Contributor

@adonesky1 adonesky1 left a comment

Just a few nits and question

@adonesky1
Contributor

LGTM!

@@ -189,6 +189,7 @@ export async function providerAuthorizeHandler(req, res, _next, end, hooks) {
value: {
requiredScopes: grantedRequiredScopes,
optionalScopes: grantedOptionalScopes,
isMultichainOrigin: true,
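
Review bot: `isMultichainOrigin: true` is written into the caveat value here with no comment, and nothing in the hunk says what a reader of the permission should assume when the field is absent. Suggest a short comment beside the field stating that it marks grants made through `providerAuthorizeHandler`, and documenting that consumers compare it strictly (`=== true`) so that values written before this change, which lack the field, are handled deliberately.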
Contributor

should we maybe put this in sessionProperties to store it?

Contributor

🤔 maybe? So we'd add it to all permissions even if not present in the request? I suppose that's okay. Happy either way

@jiexi jiexi marked this pull request as ready for review August 2, 2024 18:31
@jiexi jiexi requested a review from a team as a code owner August 2, 2024 18:31
@jiexi jiexi merged commit 9b4192e into caip-multichain Aug 2, 2024
31 of 46 checks passed
@jiexi jiexi deleted the jl/caip-multichain/caip-25-permission-origin branch August 2, 2024 18:42
@github-actions github-actions bot locked and limited conversation to collaborators Aug 2, 2024