Allow reusing SIWE messages in EIP4361-based condition authentication

[piotr-roslaniec]

Type of PR:

• Feature

Required reviews:

• 2

What this does:

• Allows reusing of existing SIWE messages by providing them as a context parameter at decryption time
• Internally, it reuses the :userAddressEIP4361 context parameter - Hence, no changes on the server side required.

Issues fixed/closed:

• Fixes Add single sign-on capabilities to EIP4361 support #528

Notes for reviewers:

• Context variable handling may still change post https://github.com/nucypher/tdec/issues/179

[piotr-roslaniec]

Sending review requests for an early review of this draft

[manumonti]

This looks good to me, not sure how much more work is needed, but it seems pretty complete.

[piotr-roslaniec]

Asking for review despite some rough edges to confirm the design

[derekpierre]

Based on the changes in #531 , feels like this PR would look a lot different post-#531. And if merged pre-#531 it would create quite a bit of merge conflicts for #531. Would basing over #531 make that simpler?

We also don't address how to help the user "easily" generates the AuthSignature .
It would be nice to have to a function/API (seemingly an AuthProvider) that helps with generating the AuthSignature format we want for external SIWE? Or is that planned for a follow-up? wdyt?

[piotr-roslaniec]

@derekpierre I think we can rebase this over #531.

I added a public method to the EIP4361 auth provider to expose message-creating logic to end-users.

[piotr-roslaniec]

Rebased over #531

[derekpierre]

One thought for this PR, was that the AuthSignature is the thing that is TACo-specific as opposed to the SIWE message. It could be helpful to have something (utility function or class or otherwise) that generates the AuthSignature type so that users don't need to know the specifics of it eg. generateSIWEAuthSignature(address: string, siweMessage: string, signature: Uint8Array). With something like that, the user can use whatever they want for generating the siweMessage and taco-auth can take those as parameters and simply produce an AuthSignature type for them.

It's not something overly flashy, but is helpful in abstracting away the creation of the AuthSignature a bit.

If they are using single sign-on then presumably they already have a SIWE library that they are using and we would be helping them convert that into a format that we can use i.e. the AuthSignature.

Thoughts?

[derekpierre]

Is this static method related to the TODO on L61?

I might be missing the use case for this method? Just a helper for the user to create a SIWE message to then use for the context variable? If so, it seems pretty restrictive since there are more values that SIWE allows apps to customize.

In terms of our default EIP4361 auth provider behaviour, there is a question about what values to use for domain and uri, and whether the user can customize that, so wondering if this is related?

[piotr-roslaniec]

Just a helper for the user to create a SIWE message to then use for the context variable?

Yes, it's just a helper function to expose a SIWE-message-creating logic to end-users. I think I will also refactor-out the types related to SIWE so that it's more configurable and gives users more freedom (as you've noted).

so wondering if this is related?

Yes, it's related, but I planned on fixing the defaults later. I will attempt to squeeze it into this PR, but if it doesn't make sense I will follow up in the next one.

[derekpierre]

Yes, it's just a helper function to expose a SIWE-message-creating logic to end-users. I think I will also refactor-out the types related to SIWE so that it's more configurable and gives users more freedom (as you've noted).

In that case, I'm a bit apprehensive about the benefits of us trying to provide extensive SIWE-message-creating logic. Then we just end up either making something more restrictive with limited use (less parameters than the SIWE API) or writing a layer on top of the SIWE library that uses the same API parameterization of the library anyway. Users should just use the siwe library or some other one for generating the SIWE message if they want such a high level of customization of messages.

At the moment, we have two worlds:

1. Apps that expect TACo to do the SIWE info for them because they don't use SIWE at all (:userAddress)
2. Apps that currently use SIWE and expect to provide TACo with their existing SIWE info so that it can be reused (:userAddressExternalEIP4361)

In world 1) apps don't currently use SIWE at all, so TACo will create/generate the AuthSignature on their behalf. At most, the app may need to specify the domain / uri if taco-auth can't detect those values from the window object / use some default value to get the right value based on the SIWE spec (i.e. prevent the signing from being flagged as "unsafe"). But these apps probably don't need more customization than that, or else they would probably be in world 2) anyway.

In world 2) the app uses their own tooling for the SIWE message/signature and all they want to do is give that information to TACo (Ceramic example). No customization of SIWE message parameters needed here because the message and signature are already generated by the app separately.

[piotr-roslaniec]

I see your point. I had a slightly different idea of how to go about this, but I see merit in this solution.

I dropped the commit with previous changes and added an ability to set defaults for the EIP4361 provider. I will expose it as a part of #533

[derekpierre]

I had a slightly different idea of how to go about this, but I see merit in this solution.

Happy to listen to and work through your ideas.

[piotr-roslaniec]

So far I'm happy with this PR as it is, I think we may revisit this once we deprecate EIP712 and start ironing-out the user-facing API

[derekpierre]

Why not delete these lines instead of commenting them out?

[piotr-roslaniec]

I thought it was more explicit (explicitly disabled), is it confusing? Maybe an assertion is better.

[derekpierre]

Maybe an assertion is better.

Interesting. Where would you put the assertion?

Alternatively, maybe keep the comment on L37 and remove L38?

[piotr-roslaniec]

An assertion could be a statement in this file that gets executed when the file is imported. That's a bit ham-fisted, I need to think about this. In the meantime, I will remove L38.

[derekpierre]

Agreed - the assertion seems too heavy.

[piotr-roslaniec]

Thoughts?

I think AuthSignature will become a class rather than an interface, and we will add more utilities and conversion functions as we go. Adding more factory methods, especially for SIWE, makes sense. I will look into it.

[derekpierre]

Maybe an assertion is better.

Interesting. Where would you put the assertion?

Alternatively, maybe keep the comment on L37 and remove L38?

[derekpierre]

Is the empty block for a comment something common in typescript? Perhaps just the comment?

Suggested change

	} else {
	// Not a context parameter, we can skip
	}
	}
	// else not a context parameter, we can skip

[piotr-roslaniec]

It's no TS-related, just something I sometimes do to be more explicit.

[derekpierre]

For this case, should we also check that the customParameters[param] value is an AuthSignature? So not just that it is present in the custom parameters, but its type is correct. Or is that already done somewhere else?

[piotr-roslaniec]

I don't think we validate it against the structure of AuthSignature. We may want to use zod for that. Let's see.

[piotr-roslaniec]

Documented in #535, will address in a follow-up PR

[piotr-roslaniec]

I'm going to go ahead and merge this, but we can continue discussing here or in #537 if anything