-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(sessions): session permissions storage API #242
Open
geekbrother
wants to merge
8
commits into
main
Choose a base branch
from
feat/bcapi_permissions
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
8 commits
Select commit
Hold shift + click to select a range
1a834c8
feat(sessions): session permissions storage API
geekbrother af51899
feat: updating schema, keys generation added
geekbrother f2ecd31
feat: adding permissions context updating
geekbrother c5284e4
fix: chores, addressing comments
geekbrother 10733a3
fix: adding fields description and error codes
geekbrother 836180f
fix: removing unstable, fixing context to be in line with ERC7715
geekbrother 162a7fe
fix: key format changes, chores
geekbrother e471921
fix: return all permissions by address
geekbrother File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
180 changes: 180 additions & 0 deletions
180
docs/specs/servers/blockchain/blockchain-permissions-api.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,180 @@ | ||
# Blockchain API Sessions and Permissions | ||
|
||
## Sessions permissions storage | ||
|
||
### Get permissions list for account | ||
|
||
Used to get account list of active sessions | ||
|
||
`GET /v1/sessions/{address}?projectId={projectId}` | ||
|
||
* `address` - CAIP-10 address format. | ||
* `projectId` - Required. The project identifier. | ||
|
||
#### Success response body: | ||
|
||
```typescript | ||
{ | ||
pci: string[] // List of sessions PCIs for this account | ||
} | ||
``` | ||
|
||
#### Response error codes: | ||
|
||
* `400 Bad request` - Invalid requested address format. | ||
|
||
### Get permissions by address | ||
|
||
Used to get permissions by address | ||
|
||
`GET /v1/sessions/{address}?projectId={projectId}` | ||
|
||
* `address` - CAIP-10 address format. | ||
* `projectId` - Required. The project identifier. | ||
|
||
#### Success response body: | ||
|
||
The response is a list of PCIs with permissions and policy: | ||
|
||
```typescript | ||
{ | ||
"pcis": [pci] | ||
} | ||
``` | ||
|
||
The `pci` object: | ||
|
||
```typescript | ||
{ | ||
"project": | ||
{ | ||
"id": string, | ||
"name": string, | ||
"url": ?string, | ||
"iconUrl": ?string, | ||
} | ||
"pci": string, | ||
"expiration": number, | ||
"createdAt": number, | ||
"permissions": [permission] | ||
"policies": [policy], | ||
"context": string | ||
} | ||
``` | ||
|
||
#### Response error codes: | ||
|
||
* `400 Bad request` - Invalid requested address format or PCI not found. | ||
|
||
## Add a new permission | ||
|
||
Creating a new permission session for the account | ||
|
||
`POST /v1/sessions/{address}?projectId={projectId}` | ||
|
||
* `address` - CAIP-10 address format. | ||
* `projectId` - Required. The project identifier. | ||
|
||
### Request body: | ||
|
||
The POST request body should be in JSON format and following schema: | ||
|
||
```typescript | ||
{ | ||
permission: | ||
{ | ||
"permissionType": string, | ||
"data": string, | ||
"required": boolean, | ||
"onChainValidated": boolean | ||
} | ||
} | ||
``` | ||
|
||
Comment on lines
+80
to
+93
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Request body should have permission struct defined in ERC7715 + extra field |
||
#### Success response body: | ||
|
||
Response will contain a new generated key and PCI of the new permission. | ||
|
||
```typescript | ||
{ | ||
pci: string, // New unique permission controller identifier. | ||
key: string // Public (verifying) secp256k1 key for the generated PCI key in sec1/der format encoded by base64. | ||
} | ||
``` | ||
|
||
#### Response error codes: | ||
|
||
* `400 Bad request` - Invalid parameter format in request. | ||
|
||
## Updating permissions context | ||
|
||
Updating permissions context for the certain permission idenitifier. | ||
|
||
`POST /v1/sessions/{address}/context?projectId={projectId}` | ||
|
||
* `address` - CAIP-10 address format. | ||
* `projectId` - Required. The project identifier. | ||
|
||
### Request body: | ||
|
||
The POST request body should be in JSON format and following schema based on the [ERC-7715](https://github.com/ethereum/ERCs/blob/a75e2d80698441f5da9e0fe98d38122a862aed89/ERCS/erc-7715.md#signers): | ||
|
||
```typescript | ||
{ | ||
pci: string, // PCI to update | ||
signature: string, // Signature of canonicalized JSON `context` object signed by the key provided during the permission creation. The signature must be provided as DER, SEC1 and encoded in Base64 format. | ||
context: { | ||
signer: { | ||
type: string, | ||
data:{ | ||
ids: string[], | ||
} | ||
}, | ||
expiry: number, | ||
signerData: { | ||
userOpBuilder: string | ||
}, | ||
factory: string, | ||
factoryData: string, | ||
permissionsContext: string | ||
} | ||
} | ||
``` | ||
|
||
#### Success response body: | ||
|
||
* `200 Ok` - Successfully updated. | ||
|
||
#### Response error codes: | ||
|
||
* `400 Bad request` - Invalid parameter format in request. | ||
* `401 Unauthorized` - Invalid signature. | ||
|
||
## Revoke permission | ||
|
||
Revoking a permission from account sessions. | ||
|
||
`POST /v1/sessions/{address}/revoke?projectId={projectId}` | ||
|
||
* `address` - CAIP-10 address format. | ||
* `projectId` - Required. The project identifier. | ||
|
||
### Request body: | ||
|
||
The POST request body should be in JSON format and following schema: | ||
|
||
```typescript | ||
{ | ||
pci: string, // PCI to revoke. | ||
signature: string, // Signature of signed `pci` field by the key provided during the permission creation. The signature must be provided as DER, SEC1 and encoded in Base64 format. | ||
} | ||
``` | ||
|
||
#### Success response body: | ||
|
||
* `200 Ok` - Successfully revoked. | ||
|
||
#### Response error codes: | ||
|
||
* `400 Bad request` - Invalid parameter format in request. | ||
* `401 Unauthorized` - Invalid signature. |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need either a new endpoint for revoked sessions, or including a field in the pci that includes the "status" ; else we cannot displayed previously revoked sessions on the ui