ARC-0027: Provider Message Schema

[kieranroneill]

Summary

This proposal intends to outline a common message schema to be used in dApp/provider (wallet) communication.

The proposal attempts to build off the fundamental work of the previous ARCs; wallet transaction signing (ARC-0005), wallet address discovery (ARC-0006), wallet transaction network posting (ARC-0007) and wallet transaction signing & posting (ARC-0008), to comprehensively outline a common message schema, and to extend this schema with an aim to allow more robustness with multiple AVM (Algorand Virtual Machine) chains.

Aside from extending the schema of the previous ARCs, this proposal also adds a couple of new methods that aim to "fill the gap". These include:

• A discovery method that is used to get information about providers such as what methods are supported and what chains.
• A "disable" method that allows a dApp to remove itself from providers.

[ehanoc]

I'm a big big fan of this proposal.

Overall, to finalize it, maybe we could include a reference implementation for us to test ourselves?

[ehanoc]

What do you think of keeping this agnostic to the platform? We could just say Wallet Interface for instance

[ehanoc]

Wouldn't this be a single SDK for dapp developers? They would just need to comply with the API, no?

Maybe that's something could be provided in the ARC as a reference implementation. Thoughts?

[ehanoc]

I like it, is there samples for us to include here and test?

[kieranroneill]

I am separately developing an npm package, that is essentially an SDK wrapper around this, for wallets/dApps to install for minimum code. Similar to the Algorand Provider I built way back.

The UseWallet implementation of the Kibisis wallet uses it into interact with the Kibisis web extension wallet.

[ehanoc]

I'm a fan of us supporting signing for multiple purposes and arbitrary data signing. But signBytes:

• seems to give freedom to the app to define what purposes this can be used for with a simple string. Seems that it can be gamed to trick users to sign things that they shouldn't, even transactions.
• Doesn't consider multiple encoding schemes
• Validation of the content to be signed should be matched against a known schema?

That's one of the things i'm trying to address in ARC-52#SignMetadata is to enforce the context of what we are signing and validate it quickly from a list of possible schema templates (i.e authentication requests, messages, identity), so that the user doesn't have to understand msgpack encoding or CBOR and the wallet can still validate what is signing.

It's a longer conversation though.

[kieranroneill]

I wholeheartedly agree. I have been playing with this with Algorand Provider + Kibisis and, if I recall, Kibisis displays the data if it is:

• A valid UTF-8 string
• A parseable JWT

For example, for JWTs, if it is correctly parsed it shows this screen:

It also shows some warnings if the JWT has expired or the subject/sub of the JWT does not match the account to sign.

As you can workout, I am a fan of JWTs 😅

(It was actually the only reason I built Kibisis as I wanted to implement, for the then, app I was building to use user JWT authentication using an Algorand account)

But you are right, the schema of this function requires more work as it is not fit for consumption.

[kewde]

Using a BroadcastChannel is an interesting choice and would need a bit more inspection. AFAIK web extensions do not typically inject in iframes, with this approach we may be allowing embedded iframes to trigger a wallet popup as long as that origin is also open in a tab elsewhere.

[kewde]

Do I understand it correctly that if multiple tabs are open and thus content scripts are listening to the BroadcastChannel, then they need to avoid registering multiple times? If registering multiple times is allowed, would the content script need to synchronize internally to ensure that it deals with e.g "signTxn" only once, as to not open 10 popups for each of the 10 tabs that are open?

[kewde]

Can we make this mandatory? Having remote URI's here may make it harder to implement, and potentially more dangerous too.

Along with limiting the supported filetypes would be nice? 'svg+xml' | 'webp' | 'png' | 'gif' are the ones supported by wallet-standard.

[kewde]

Can we clarify if the providerId is static value or whether this is allowed to be a random value every time it is registered? If it is a static value, will we maintain a list somewhere of the "taken" values which we'll respect on a gentlemen's agreement, even though collisions are very rare.

[kewde]

Should we mandate that this must be "https://"?