Authorization to the IPNS using Brave Wallet #32302
Labels
closed/wontfix
feature/web3/ipfs
feature/web3/wallet/core
needs-discussion
Although the issue is clear, we haven't yet reached a decision about the right solution.
needs-investigation
A bug not 100% confirmed/fixed
OS/Desktop
priority/P4
Planned work. We expect to get to it "soon".
PL working on some extensions that would be able to post UGC to the IPNS network.
This issue if for researching how we can use Brave Wallet for user authorization, so user could restore his access to the content he published before.
For example we could generate master key using mnemonic, and then do smth like approach we have in HD keyrings to generate related keys similar to wallet accounts.
We can use mixture of mnemonic, extension id(origin), folder name, article title and index to derive IPNS key.
Also we should understand how granting access should work for extensions, since once IPNS key added to the Kubo it will be available to all extensions which have access to local Kubo node. So such extensions could identify wallet users by accessing public IPNS keys even if brave wallet is locked.
cc @kylehickinson
ATM Extensions are working with the local node using WebRequest API to modify request headers(to bypass origin check) and scanning localhost if it runs IPFS node.
Probably we should implement IPFS publish API instead with origin check policy and authorization. Or we could just stay with legacy for the MVP but add some explicit warning about deriving wallet keys from the seed.
The text was updated successfully, but these errors were encountered: