-
Notifications
You must be signed in to change notification settings - Fork 347
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Specs] Push Subscribe, Push Update and Notification Types #574
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this did:web at a first glance looks pretty fancy but tbh I am not fully convinced with key exchange here.
just for the sake of highlighting the purpose...
what are the pros?:
- all goes through the relay, we can see a tag
- ?
@@ -17,6 +17,39 @@ Body: | |||
} | |||
``` | |||
|
|||
### Register Webhook | |||
|
|||
Used to register a webhook that would return when accounts are subscribed or unsubscribed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should all registered webhooks get info about all the subscriptions? Or how do I know which webhook is for which project?
Do they just call <cast_url>/<project_id>/register_webhook?
Should this be protected by some auth, so that malicious actor can't change webhook for dapp?
@@ -0,0 +1,82 @@ | |||
# Push Notification Types | |||
|
|||
Not every message is the same and not every wallet user wants to receive every possible push notification that a dapp targets their wallet account. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wording:
Not every message is the same and not every wallet user wants to receive every possible push notification that a dapp targets their wallet account. | |
Not every message is the same and not every wallet user wants to receive every possible push notification that a dapp targets in their wallet account. |
// wc-push-config.json | ||
{ | ||
"version": 1, | ||
"lastModified": 1680167470169, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Definition above states seconds
resolution but this is in milliseconds. Do we want seconds?
|
||
## Subscription Scope | ||
|
||
A Push Subscription will include a claim labelled `scp` with a string value include the user authorized notification types separated by whitespaces. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wording
A Push Subscription will include a claim labelled `scp` with a string value include the user authorized notification types separated by whitespaces. | |
A Push Subscription will include a claim labelled `scp`, with a string value that represents the user-authorized notification types separated by whitespaces. |
|
||
## Push Message | ||
|
||
A Push Message will include a parameter called `type` in the message payload which indicates the notification type is being delivered to the wallet user |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wording:
A Push Message will include a parameter called `type` in the message payload which indicates the notification type is being delivered to the wallet user | |
A Push Message will include a parameter called `type` in the message payload which indicates the notification type being delivered to the wallet user. |
```jsonc | ||
// did-jwt | ||
{ | ||
...otherClaims |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe we should be explicit and just put the rest of the information here instead of ...otherClaims
|
||
## User Flow | ||
|
||
The Push subscribe flow will require a dapp to host a static json file which will contain a DID document compliant with `did:web` method as specified [here](https://w3c-ccg.github.io/did-method-web/). In this DID document we will specify a X25519 public key that will be used by the Push API protocol to derive a symmetric key for the Push topic. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Push subscribe flow will require a dapp to host a static json file which will contain a DID document compliant with `did:web` method as specified [here](https://w3c-ccg.github.io/did-method-web/). In this DID document we will specify a X25519 public key that will be used by the Push API protocol to derive a symmetric key for the Push topic. | |
The Push subscribe flow will require a dapp to host a static json file which will contain a DID document compliant with `did:web` method as specified [here](https://w3c-ccg.github.io/did-method-web/). In this DID document, we will specify a X25519 public key that will be used by the Push API protocol to derive a symmetric key for the Push topic. |
|
||
The Push subscribe flow will require a dapp to host a static json file which will contain a DID document compliant with `did:web` method as specified [here](https://w3c-ccg.github.io/did-method-web/). In this DID document we will specify a X25519 public key that will be used by the Push API protocol to derive a symmetric key for the Push topic. | ||
|
||
On the Wallet side we will be able to fetch a list of dapps that expose public keys for Push subscribe from a registry as for example our WalletConnect Cloud Explorer. These public keys are generated on the Cast server which will be able to listen for new subscriptions sent by the wallet to the subscribe topic which is the sha256 hash of the public key exposed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On the Wallet side we will be able to fetch a list of dapps that expose public keys for Push subscribe from a registry as for example our WalletConnect Cloud Explorer. These public keys are generated on the Cast server which will be able to listen for new subscriptions sent by the wallet to the subscribe topic which is the sha256 hash of the public key exposed. | |
On the Wallet side, we will be able to fetch a list of dapps that expose public keys for Push subscribe from a registry as for example our WalletConnect Cloud Explorer. These public keys are generated on the Cast server which will be able to listen for new subscriptions sent by the wallet to the subscribe topic which is the sha256 hash of the public key exposed. |
This new protocol will essentially allow Dapp Discoverability by allowing Wallets to generate push subscriptions independently from the Dapp Client being available.
Instead the Dapps will host a DID document statically on their domain and the Cast Server will handle the push subscription and notify them with a webhook
EDIT
This PR is now including spec changes for 4 milestones included in the Stage 1 (Discoverability Stage) from our 3-stage Push API refactor documented here