auth-helpers package with SessionCapabilityObject #88
Apologies for the big PR! If anyone wants I can break it down further.
/** | ||
* These are the user-facing abilities that can be granted to a session. | ||
*/ | ||
export enum LitAbility { |
New concept that I'm introducing to SDK users.
LitAction = 'lit-la', | ||
} | ||
|
||
export interface ISessionCapabilityObject { |
Abstraction over any concrete session capability object implementation.
addAllCapabilitiesForResource(litResource: ILitResource): void; | ||
} | ||
|
||
export interface ILitResource { |
abstraction over any LIT-related logical resource.
} | ||
|
||
get statement(): string { | ||
return sanitizeSiweMessage(this.#inner.statement); |
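Review bot: the `statement` getter passes `this.#inner.statement` through `sanitizeSiweMessage` with no comment saying what is being sanitized or why. Add a short comment or TODO on the getter that names the upstream dependency it works around, so the call can be removed once it is no longer needed and nobody mistakes it for input validation.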
Needed until spruceid/recap-ts#11 is done.
@@ -0,0 +1,32 @@ | |||
import { SiweMessage } from 'siwe'; |
this file contains entry points to getting session capability objects, that are all currently implemented by Recap.
* @example If you want to request the ability to decrypt an access control condition, then you would pass | ||
* [{ resource: new LitAccessControlConditionResource('someResource), ability: LitAbility.AccessControlConditionDecryption }] | ||
*/ | ||
resourceAbilityRequests: LitResourceAbilityRequest[]; |
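Review bot: the `@example` above `resourceAbilityRequests` has an unterminated string literal, `new LitAccessControlConditionResource('someResource)`. Close the quote (`'someResource'`) so the snippet is valid when copied.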
breaking change, but, as discussed we will proceed like so with heads up to users and that's it.
I wanted to introduce `LitResource` and `LitAbility` to better separate those two concepts, rather than have everything be encoded into a single string and parsing in a way that is (IMO) less legible.
} | ||
|
||
static extract(siwe: SiweMessage): RecapSessionCapabilityObject { | ||
const recap = Recap.extract_and_verify(siwe); |
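Review bot: `extract` calls `Recap.extract_and_verify(siwe)` and nothing in these lines shows what happens when verification fails. Since this is where a capability object is accepted from a SIWE message, document the failure mode on the method (for example with an `@throws` tag) and make sure callers treat a failure as a rejected session rather than as an empty capability set.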
can verification fail?
yea it can
lgtm! can we also update this repo readme with simple instructions on why and how to use it, example code etc.? also a changelog for the breaking change
love it btw!
I can do changelog but I plan to update our website docs soon anyways, so I'll just do it there. I don't think the root README.md is the best place for it.
@Ansonhkg node side changes have been merged per https://github.com/LIT-Protocol/lit-assets/pull/149 and this PR is ready to go. Let's merge and publish this. Docs will come shortly after.
…emented by SIWE ReCap
We need to use :// to separate scheme from path-absolute, and the letter * is not permitted per the ABNF grammar for the IRI scheme.
The asterisk in the line above will cover all packages already.
@hwrdtm Published to latest
What
Closes LIT-247
Apologies for the big PR! If you want I can break it down into smaller chunks.
This PR:
- `auth-helpers` package that contains an abstraction over various session capability object implementations - today, we will roll out with using a SIWE ReCap based implementation that implements `ISessionCapabilityObject`.
- `ILitResource` which is an abstraction over any LIT-related logical resource, and `LitAbility` which is a specific action upon a LIT resource. For a user to make a request, they will couple them together as a `LitResourceAbilityRequest` - we check for compatibility on the SDK and Rust node side, so that you can't logically do a decryption ability over a Rate Limit Increase NFT resource.
- `lit-node-client-nodejs` use stronger types and fix usages of session sigs here and there.
- `walletSig` (auth sigs)
- `getSessionSigs` to use `auth-helpers` session capability object generation / verification.
- `statement` to `AuthCallbackParams`
Examples:
Creating an ACC LIT resource and then requesting to perform the signing operation over it, by generating session sigs with the SDK, which the SDK will generate a session capability object with wildcard abilities for this specific ACC resource (`*/*`):
TODO
`siwe-recap` at `0.0.2-alpha.0`
Testing
Manually tested from OAuth PKP repo, works as intended.
E2E:
yarn tools --dev --apps
yarn tools --test --e2e html
Packages:
npx nx run lit-node-client-nodejs:test
npx nx run auth-helpers:test
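
The resource/ability compatibility rule from the description above, together with the `://` scheme constraint from the commit message, as an added TypeScript sketch; it is not code from this PR or from the Lit SDK. The ability string values, the `lit-acc` and `lit-rli` prefixes, and the names `parseResourceKey` and `denyReason` are assumptions made for illustration.

```typescript
// Added sketch, not code from the PR. Ability values, the 'lit-acc' and
// 'lit-rli' prefixes and every function name here are assumptions.
const LitAbility = {
  AccessControlConditionDecryption: 'access-control-condition-decryption',
  AccessControlConditionSigning: 'access-control-condition-signing',
  RateLimitIncreaseAuth: 'rate-limit-increase-auth',
  LitActionExecution: 'lit-action-execution',
} as const;
type LitAbility = (typeof LitAbility)[keyof typeof LitAbility];

// Allow-list of abilities per resource scheme; anything absent is denied.
// A Map (not an object literal) keeps keys like "constructor" from matching.
const COMPATIBLE = new Map<string, ReadonlySet<LitAbility>>([
  ['lit-acc', new Set<LitAbility>([
    LitAbility.AccessControlConditionDecryption,
    LitAbility.AccessControlConditionSigning,
  ])],
  ['lit-rli', new Set<LitAbility>([LitAbility.RateLimitIncreaseAuth])],
  ['lit-la', new Set<LitAbility>([LitAbility.LitActionExecution])],
]);

// RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ).
// "*" is therefore never valid in the scheme part of a resource key.
const SCHEME = /^[A-Za-z][A-Za-z0-9+.-]*$/;

function parseResourceKey(key: string): { scheme: string; path: string } | null {
  const sep = key.indexOf('://');
  if (sep <= 0) return null; // separator missing or scheme empty
  const scheme = key.slice(0, sep);
  const path = key.slice(sep + 3);
  if (!SCHEME.test(scheme) || path.length === 0) return null;
  return { scheme: scheme.toLowerCase(), path }; // schemes are case-insensitive
}

// Returns null when the pair is acceptable, otherwise the reason for denial.
function denyReason(resourceKey: string, ability: LitAbility): string | null {
  const parsed = parseResourceKey(resourceKey);
  if (parsed === null) return 'malformed resource key';
  const allowed = COMPATIBLE.get(parsed.scheme);
  if (allowed === undefined) return 'unknown resource scheme';
  if (!allowed.has(ability)) return 'ability not valid for this resource type';
  return null;
}
```

Running the same check on both the client and the verifying node means a request that pairs a decryption ability with a rate-limit resource is refused before any capability is written into the SIWE message, and refused again if a modified client sends it anyway.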