Bring your own DID #1011
'DID document pds endpoint does not match service endpoint', | ||
'PoorlyFormattedDidDoc', | ||
) | ||
} else if (atpData.signingKey !== ctx.repoSigningKey.did(0)) { |
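Review bot: the `0` passed to `ctx.repoSigningKey.did(0)` on the `else if` line looks unintended, since the rotation-key check later in this PR calls `ctx.plcRotationKey.did()` with no argument. Suggest dropping the argument so both key comparisons read the same way: `atpData.signingKey !== ctx.repoSigningKey.did()`.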
I think this can go, may actually be responsible for CI complaining.
} else if (atpData.signingKey !== ctx.repoSigningKey.did(0)) { | |
} else if (atpData.signingKey !== ctx.repoSigningKey.did()) { |
hah yup i actually had that change locally but not saved 😅
{"name": "UnsupportedDomain"} | ||
{"name": "UnsupportedDomain"}, | ||
{"name": "CouldNotResolveDid"}, | ||
{"name": "PoorlyFormattedDidDoc"} |
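Review bot: the two new entries, `CouldNotResolveDid` and `PoorlyFormattedDidDoc`, carry only a `name`, so a client author cannot tell from the schema when each one is returned. Suggest adding a `description` to each, in particular noting that the second is raised when the document's pds endpoint does not match the service endpoint, which the name alone does not convey.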
Sorry for the total nit, but I'm not feeling 100% sure about this error name. My understanding is that this is used when there's a valid did doc but it's not compatible with the PDS that the account is being created on. What if it were something like IncompatibleDidDoc? Promise I'm not going to get hung-up on this if you prefer it as-is 😆
yup very in support. i didn't like the name even as i was writing it 😅
Pretty sweet!
|
||
if (input.did.startsWith('did:plc')) { | ||
const data = await ctx.plcClient.getDocumentData(input.did) | ||
if (!data.rotationKeys.includes(ctx.plcRotationKey.did())) { |
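Review bot: the prefix test `input.did.startsWith('did:plc')` on the first line has no trailing colon, so it also matches any DID whose method name merely begins with `plc`, and such an identifier would then be sent to `ctx.plcClient.getDocumentData`. Suggest matching the full method prefix, `input.did.startsWith('did:plc:')`.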
This may not be a good idea.
If the reason a user is bringing their own did is that they don't want the PDS to be able to update their did:plc this will prevent them from using this PDS.
There is a real use case of I want to manage my own DID and just use the PDS to manage the repo.
Yeah we will loosen this in the future, but I think it's important for now
If the PDS does not have the ability to rotate documents, then
- it cannot help out with handle changes
- if it rotates its repo signing key, it can no longer publish records on a repo's behalf
This should be allowed at some point, but for now, for usability's sake, we constrain the provided DID
* allow bringing your own did
* tests + tidy
* one more check/test
* fix typo
* better err names
This allows you to bring your own DID document on account creation.
When you bring your own DID document, we attempt to resolve it & ensure that the data within matches up with the intended values. Namely:
Buyer beware: we do not do that last check for did:web. If you are using a did:web DID, it is your obligation to keep your DID document up to date with the service you're using - otherwise your data may no longer be indexed.
In service of: #1001
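
The compatibility checks discussed in this PR, gathered into one function as an added TypeScript example; it is not the PDS's own code. All type, function and reason names are hypothetical, the sample keys and DIDs are constructed, and the `did:plc:` prefix with a trailing colon is this example's choice.

```typescript
// Added illustration: all type, function and reason names below are hypothetical.
type ResolvedDidData = {
  pds: string // service endpoint listed in the DID document
  signingKey: string // repo signing key, as a did:key
  rotationKeys: string[] // did:plc only; empty for other methods
}
type PdsIdentity = { endpoint: string; repoSigningKey: string; plcRotationKey: string }
type Mismatch = 'pds-endpoint' | 'signing-key' | 'rotation-key'

// Returns the first reason a brought DID is incompatible with this PDS, or null.
function checkBroughtDid(did: string, data: ResolvedDidData, pds: PdsIdentity): Mismatch | null {
  if (data.pds !== pds.endpoint) return 'pds-endpoint'
  if (data.signingKey !== pds.repoSigningKey) return 'signing-key'
  // Trailing colon: only the did:plc method takes this branch, not any
  // method whose name merely begins with "plc".
  if (did.startsWith('did:plc:') && !data.rotationKeys.includes(pds.plcRotationKey)) {
    return 'rotation-key'
  }
  return null // did:web is not checked for rotation keys
}

// Constructed sample values, not real keys or identifiers.
const samplePds: PdsIdentity = {
  endpoint: 'https://pds.example',
  repoSigningKey: 'did:key:zExampleSigningKey',
  plcRotationKey: 'did:key:zExamplePdsRotationKey',
}
const compatible: ResolvedDidData = {
  pds: 'https://pds.example',
  signingKey: 'did:key:zExampleSigningKey',
  rotationKeys: ['did:key:zExampleUserKey', 'did:key:zExamplePdsRotationKey'],
}
// The case raised in review: the user keeps rotation control to themselves.
const userOnlyRotation: ResolvedDidData = { ...compatible, rotationKeys: ['did:key:zExampleUserKey'] }

console.log(checkBroughtDid('did:plc:exampleexample', compatible, samplePds))
console.log(checkBroughtDid('did:plc:exampleexample', userOnlyRotation, samplePds))
console.log(checkBroughtDid('did:web:user.example', { ...compatible, rotationKeys: [] }, samplePds))
```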