[Specs] Push Subscribe, Push Update and Notification Types #574
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
pedrouid
requested review from
TalhaAli00,
bkrem,
llbartekll and
Rakowskiii
and removed request for
TalhaAli00,
bkrem and
Rakowskiii
TalhaAli00
approved these changes
Mar 23, 2023
llbartekll
approved these changes
Mar 23, 2023
bkrem
reviewed
Mar 24, 2023
bkrem
reviewed
Mar 24, 2023
bkrem
reviewed
Mar 24, 2023
bkrem
reviewed
Mar 24, 2023
bkrem
reviewed
Mar 24, 2023
bkrem
approved these changes
Mar 24, 2023
Elyniss
reviewed
Mar 29, 2023
pedrouid
changed the title
pedrouid
changed the title
llbartekll
reviewed
Apr 4, 2023
Rakowskiii
approved these changes
Apr 4, 2023
Rakowskiii
reviewed
Apr 4, 2023
| @@ -17,6 +17,39 @@ Body: | |||
| } | |||
| ``` | |||
|
|
|||
| ### Register Webhook | |||
|
|
|||
| Used to register a webhook that would return when accounts are subscribed or unsubscribed | |||
There was a problem hiding this comment.
Should all registered webhooks get info about all the subscriptions? Or how do I know which webhook is for which project?
Do they just call <cast_url>/<project_id>/register_webhook?
Should this be protected by some auth, so that malicious actor can't change webhook for dapp?
llbartekll
approved these changes
Apr 4, 2023
bkrem
reviewed
Apr 4, 2023
| @@ -0,0 +1,82 @@ | |||
| # Push Notification Types | |||
|
|
|||
| Not every message is the same and not every wallet user wants to receive every possible push notification that a dapp targets their wallet account. | |||
There was a problem hiding this comment.
Wording:
Suggested change
| Not every message is the same and not every wallet user wants to receive every possible push notification that a dapp targets their wallet account. | |
| Not every message is the same and not every wallet user wants to receive every possible push notification that a dapp targets in their wallet account. |
bkrem
reviewed
Apr 4, 2023
| // wc-push-config.json | ||
| { | ||
| "version": 1, | ||
| "lastModified": 1680167470169, |
There was a problem hiding this comment.
Definition above states seconds resolution but this is in milliseconds. Do we want seconds?
bkrem
reviewed
Apr 4, 2023
|
|
||
| ## Subscription Scope | ||
|
|
||
| A Push Subscription will include a claim labelled `scp` with a string value include the user authorized notification types separated by whitespaces. |
There was a problem hiding this comment.
Wording
Suggested change
| A Push Subscription will include a claim labelled `scp` with a string value include the user authorized notification types separated by whitespaces. | |
| A Push Subscription will include a claim labelled `scp`, with a string value that represents the user-authorized notification types separated by whitespaces. |
bkrem
reviewed
Apr 4, 2023
|
|
||
| ## Push Message | ||
|
|
||
| A Push Message will include a parameter called `type` in the message payload which indicates the notification type is being delivered to the wallet user |
There was a problem hiding this comment.
Wording:
Suggested change
| A Push Message will include a parameter called `type` in the message payload which indicates the notification type is being delivered to the wallet user | |
| A Push Message will include a parameter called `type` in the message payload which indicates the notification type being delivered to the wallet user. |
bkrem
reviewed
Apr 4, 2023
bkrem
reviewed
Apr 4, 2023
bkrem
approved these changes
Apr 4, 2023
TalhaAli00
reviewed
Apr 5, 2023
| ```jsonc | ||
| // did-jwt | ||
| { | ||
| ...otherClaims |
There was a problem hiding this comment.
maybe we should be explicit and just put the rest of the information here instead of ...otherClaims
TalhaAli00
reviewed
Apr 5, 2023
|
|
||
| ## User Flow | ||
|
|
||
| The Push subscribe flow will require a dapp to host a static json file which will contain a DID document compliant with `did:web` method as specified [here](https://w3c-ccg.github.io/did-method-web/). In this DID document we will specify a X25519 public key that will be used by the Push API protocol to derive a symmetric key for the Push topic. |
There was a problem hiding this comment.
Suggested change
| The Push subscribe flow will require a dapp to host a static json file which will contain a DID document compliant with `did:web` method as specified [here](https://w3c-ccg.github.io/did-method-web/). In this DID document we will specify a X25519 public key that will be used by the Push API protocol to derive a symmetric key for the Push topic. | |
| The Push subscribe flow will require a dapp to host a static json file which will contain a DID document compliant with `did:web` method as specified [here](https://w3c-ccg.github.io/did-method-web/). In this DID document, we will specify a X25519 public key that will be used by the Push API protocol to derive a symmetric key for the Push topic. |
TalhaAli00
reviewed
Apr 5, 2023
|
|
||
| The Push subscribe flow will require a dapp to host a static json file which will contain a DID document compliant with `did:web` method as specified [here](https://w3c-ccg.github.io/did-method-web/). In this DID document we will specify a X25519 public key that will be used by the Push API protocol to derive a symmetric key for the Push topic. | ||
|
|
||
| On the Wallet side we will be able to fetch a list of dapps that expose public keys for Push subscribe from a registry as for example our WalletConnect Cloud Explorer. These public keys are generated on the Cast server which will be able to listen for new subscriptions sent by the wallet to the subscribe topic which is the sha256 hash of the public key exposed. |
There was a problem hiding this comment.
Suggested change
| On the Wallet side we will be able to fetch a list of dapps that expose public keys for Push subscribe from a registry as for example our WalletConnect Cloud Explorer. These public keys are generated on the Cast server which will be able to listen for new subscriptions sent by the wallet to the subscribe topic which is the sha256 hash of the public key exposed. | |
| On the Wallet side, we will be able to fetch a list of dapps that expose public keys for Push subscribe from a registry as for example our WalletConnect Cloud Explorer. These public keys are generated on the Cast server which will be able to listen for new subscriptions sent by the wallet to the subscribe topic which is the sha256 hash of the public key exposed. |
TalhaAli00
approved these changes
Apr 5, 2023
7 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This new protocol will essentially allow Dapp Discoverability by allowing Wallets to generate push subscriptions independently from the Dapp Client being available.
Instead the Dapps will host a DID document statically on their domain and the Cast Server will handle the push subscription and notify them with a webhook
EDIT
This PR is now including spec changes for 4 milestones included in the Stage 1 (Discoverability Stage) from our 3-stage Push API refactor documented here