-
Notifications
You must be signed in to change notification settings - Fork 138
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NEP 0413: Add signMessage
method to Wallet Standard
#413
Conversation
verifyOwner
method to Wallet StandardverifyOwner
method to Wallet Standard
@gutsyphilip Hey, Thanks for the contribution! Please, help us understand whether this PR is marked as drafts because you haven’t polished it from your side or are you waiting for someone’s review. |
I'm working on polishing it and making sure it has all the required information. Any pointers/feedback based on what I have so far? |
@gutsyphilip I am acting as a moderator for the Wallet Standards, so I have not reviewed the proposal itself. I just wanted to make sure those who will potentially review it, set their expectations right. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome work @gutsyphilip!
Mostly comments around clarity but also some questions around the approach and requests to flesh out a few more details in place 🙂
…into nep/wallet-werifyOwner
Hi, I am Ramil from CIDT. We are developing OmniWallet. Regarding this PR I have following questions/ideas:
|
Hi, I added some concerns about this API in this issue on Wallet Selector: near/wallet-selector#434 (comment) But to summarize here: To confirm that the signing was done correctly, the actual data that needs to be validated against is the returned object from const owner = await wallet.verifyOwner({
message: "test message for verification",
});
const recreatedMessage: any = {
...owner,
};
delete recreatedMessage.signature;
const stringified = JSON.stringify(recreatedMessage); Basically, that const data = {
accountId,
message,
blockId: blockInfo.header.hash,
publicKey: Buffer.from(publicKey.data).toString('base64'),
keyType: publicKey.keyType
}; But importantly - it has to look like this exactly, if the verification is going to pass. I find this to not be a very "deterministic" data structure, relying on exact property order on objects doesn't feel very stable. I understand that the message is not encoded directly because of security concerns. But surely there could have been a more "stable" data structure to use in this case? Perhaps just an array with the interface of Secondly, why are we not just sending the public key as a |
Some comments:
@gutsyphilip Giving that the proposal was made 27 days ago, could we aim to pass it from a draft to a proposal by the end of week? what do you think? |
@gutsyphilip based on some @toteto comments, lets please make sure to include a section in which we explain exactly what each parameter is. For example, |
@gagdiez @abacabadabacaba Ethereum's analogous NEP seems to be more generic https://eips.ethereum.org/EIPS/eip-712. IMO the NEP looks good after the latest changes though the If it is separated then this could be generic and the other NEP could be browser wallet specific. I don't understand how a message signing NEP will not inevitably be used for authorization and to prove ownership of an account so I don't see the need to separate in that sense. To be clear IMO we should:
|
As an alternative, we could keep this NEP as-is and, for auth, instruct devs to put the This would allow us to move forward and iterate in future NEPs. |
@esaminu @jon-lewis @abacabadabacaba I added a sentence suggesting to keep a P.S. What I don't fully understand is why the |
Co-authored-by: Jon Lewis <jonathandavidlewis92@gmail.com>
@abacabadabacaba @esaminu please take a look at the comment above, sorry for the ping, just trying to keep the ball rolling on this NEP. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gagdiez I see that some of my concerns are addressed. However, I feel that the issue with state
is not fully resolved.
Asking developers to include state
in the message
would not only lead to a confusing API for developers. Also, the users will be asked to approve signing some random string as a "message". This will lead to increased alert fatigue among the users, as they would be trained to approve confirmation prompts without understanding them. But not showing the message would undermine the system, as it would be possible that the user didn't see the message they signed.
For this reason, the state and the message should be separate. Also, the state doesn't need to be signed. And the error response should include the state as well, even though it doesn't include the signature, so that random websites could not activate an app's callback even with a fake error response.
Co-authored-by: Vlad Frolov <frolvlad@gmail.com>
@abacabadabacaba thank you for the clarification. I now added |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gagdiez Indeed they are. While this NEP is far from perfect from the design perspective, at least using it shouldn't result in security issues in the apps as well as the wallets.
@abacabadabacaba Thanks for standing on guard for the security of the NEAR ecosystem! @gagdiez Thanks for addressing all the concerns! Thanks to everyone involved for shaping the NEAR ecosystem! |
would be great if next steps and call to actions post merge were put on this thread @frol |
@nearbuild The next step is getting this NEP implemented in Wallet Selector (see the call for contributors) and Wallets. @Cameron-Banyan Have you had a chance to broadcast it to the Wallet Builders community? |
Non-web Wallets, such as [Ledger](https://www.ledger.com) can directly return the `SignedMessage` (in preference as a JSON object) and raise an error on failure. | ||
|
||
## References | ||
A full example on how to implement the `signMessage` method can be [found here](https://github.com/gagdiez/near-login/blob/main/tests/authentication/auth.ava.ts#L27-#L65). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gagdiez is there any way/example on how to verify the signature for browser wallets?
The verifySignature function in the example needs the message
, nonce
, recipient
and callbackUrl
to re-construct the payload which was actually signed but we lose all this data on redirect?
What we get back in the URL is only the SignedMessage
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
with the current approach, you will need the user to pass it back to you. If you are implementing an app in which the user is asked to sign a message, then you will need to persist somewhere the parameters, redirect the user to the wallet, get the key+signature from fragment, and the rest of the parameters from the persisted storage.
Summary
This is a proposal for a new NEP regarding Wallet Standards. It covers adding a new method 'verifyOwner` which signs a message and verifies wallet ownership. The message is not sent to blockchain.
References
This interface is now supported by Wallet Selector as shown below:
More developers within the ecosystem have also begun to add support for this to their Wallets.