Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(sessions): session permissions storage API #242

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

feat(sessions): session permissions storage API #242

Changes from 6 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
1a834c8
feat(sessions): session permissions storage API
geekbrother Jun 13, 2024
af51899
feat: updating schema, keys generation added
geekbrother Jun 13, 2024
f2ecd31
feat: adding permissions context updating
geekbrother Jun 13, 2024
c5284e4
fix: chores, addressing comments
geekbrother Jun 26, 2024
10733a3
fix: adding fields description and error codes
geekbrother Jul 9, 2024
836180f
fix: removing unstable, fixing context to be in line with ERC7715
geekbrother Jul 11, 2024
162a7fe
fix: key format changes, chores
geekbrother Jul 22, 2024
e471921
fix: return all permissions by address
geekbrother Oct 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
174 changes: 174 additions & 0 deletions docs/specs/servers/blockchain/blockchain-permissions-api.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,174 @@
# Blockchain API Sessions and Permissions

## Sessions permissions storage

### Get permissions list for account

Used to get account list of active sessions
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need either a new endpoint for revoked sessions, or including a field in the pci that includes the "status" ; else we cannot displayed previously revoked sessions on the ui


`GET /v1/sessions/{address}?projectId={projectId}`

* `address` - CAIP-10 address format.
* `projectId` - Required. The project identifier.

#### Success response body:

```typescript
{
pci: string[]
}
```

* `pci` - List of sessions PCIs for this account.
geekbrother marked this conversation as resolved.
Show resolved Hide resolved

#### Response error codes:

* `400 Bad request` - Wrong requested address format.

### Get permission by PCI

Used to get permission by PCI

`GET /v1/sessions/{address}/{pci}?projectId={projectId}`

* `address` - CAIP-10 address format.
* `pci` - Permission identifier.
* `projectId` - Required. The project identifier.

#### Success response body:

```typescript
{
"permissionType": string,
"data": string,
"required": boolean,
"onChainValidated": boolean
}
```

#### Response error codes:

* `400 Bad request` - Wrong requested address format or PCI not found.

## Add a new permission

Creating a new permission session for the account

`POST /v1/sessions/{address}?projectId={projectId}`

* `address` - CAIP-10 address format.
* `projectId` - Required. The project identifier.

### Request body:

The POST request body should be in JSON format and following schema:

```typescript
{
permission:
{
"permissionType": string,
"data": string,
"required": boolean,
"onChainValidated": boolean
}
}
```

Comment on lines +80 to +93
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Request body should have permission struct defined in ERC7715 + extra field onChainValidated if needed but not sure how will Dapp/Client know this( onChainValidated ) information.

#### Success response body:

Response will contain a new generated key and PCI of the new permission.

```typescript
{
pci: string,
key: string
}
```

* `pci` - New unique permission controller identifier.
* `key` - Generated signing (private) ECDSA P256 key in DER, SEC1 format encoded by Base64.
geekbrother marked this conversation as resolved.
Show resolved Hide resolved

#### Response error codes:

* `400 Bad request` - Wrong format in request.

## Updating permissions context

Updating permissions context for the certain permission idenitifier.

`POST /v1/sessions/{address}/context?projectId={projectId}`

* `address` - CAIP-10 address format.
* `projectId` - Required. The project identifier.

### Request body:

The POST request body should be in JSON format and following schema based on the [ERC-7715](https://github.com/ethereum/ERCs/blob/a75e2d80698441f5da9e0fe98d38122a862aed89/ERCS/erc-7715.md#signers):

```typescript
{
pci: string,
signature: string,
context: {
signer: {
type: string,
data:{
ids: string[],
}
},
expiry: number,
signerData: {
userOpBuilder: string
},
factory: string,
factoryData: string,
permissionsContext: string
}
}
```
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

context field should contain the complete response of wallet_grantPermission request received by the Dapp/client from wallet, because it contains list of granted permissions for requested session. The initial set of permissions stored by the co-signer could be different than final granted permissions.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mean the context should be the list of granted permissions from ERC7715?


* `pci` - PCI to revoke.
* `signature` - Signature of canonicalized JSON `context` object signed by the key provided during the permission creation. The signature must be provided as DER, SEC1 and encoded in Base64 format.
* `context` - Permissions context object to update.

#### Success response body:

* `200 Ok` - Successfully updated.

#### Response error codes:

* `400 Bad request` - Wrong format in request.
* `401 Unauthorized` - Wrong signature.

## Revoke permission

Revoking a permission from account sessions.

`POST /v1/sessions/{address}/revoke?projectId={projectId}`

* `address` - CAIP-10 address format.
* `projectId` - Required. The project identifier.

### Request body:

The POST request body should be in JSON format and following schema:

```typescript
{
pci: string,
signature: string,
}
```

* `pci` - PCI to revoke.
* `signature` - Signature of signed `pci` field by the key provided during the permission creation. The signature must be provided as DER, SEC1 and encoded in Base64 format.

#### Success response body:

* `200 Ok` - Successfully revoked.

#### Response error codes:

* `400 Bad request` - Wrong format in request.
* `401 Unauthorized` - Wrong signature.