Bring your own DID #1011
Bring your own DID #1011
Conversation
| 'DID document pds endpoint does not match service endpoint', | ||
| 'PoorlyFormattedDidDoc', | ||
| ) | ||
| } else if (atpData.signingKey !== ctx.repoSigningKey.did(0)) { |
There was a problem hiding this comment.
I think this can go, may actually be responsible for CI complaining.
| } else if (atpData.signingKey !== ctx.repoSigningKey.did(0)) { | |
| } else if (atpData.signingKey !== ctx.repoSigningKey.did()) { |
There was a problem hiding this comment.
hah yup i actually had that change locally but not saved 😅
| {"name": "UnsupportedDomain"} | ||
| {"name": "UnsupportedDomain"}, | ||
| {"name": "CouldNotResolveDid"}, | ||
| {"name": "PoorlyFormattedDidDoc"} |
There was a problem hiding this comment.
Sorry for the total nit, but I'm not feeling 100% sure about this error name. My understanding is that this is used when there's a valid did doc but it's not compatible with the PDS that the account is being created on. What if it were something like IncompatibleDidDoc? Promise I'm not going to get hung-up on this if you prefer it as-is 😆
There was a problem hiding this comment.
yup very in support. i didn't like the name even as i was writing it 😅
|
|
||
| if (input.did.startsWith('did:plc')) { | ||
| const data = await ctx.plcClient.getDocumentData(input.did) | ||
| if (!data.rotationKeys.includes(ctx.plcRotationKey.did())) { |
There was a problem hiding this comment.
This may not be a good idea.
If the reason a user is bringing their own did is that they don't want the PDS to be able to update their did:plc this will prevent them from using this PDS.
There is a real use case of I want to manage my own DID and just use the PDS to manage the repo.
There was a problem hiding this comment.
Yeah we will loosen this in the future, but I think it's important for now
If the PDS does not have the ability to rotate documents, then
- it cannot help out with handle changes
- if it rotates it's repo signing key, it can no longer publish records on a repo's behalf
This should be allowed at some point, but for now, for usability's sake, we constrain the provided DID
* allow bringing your own did * tests + tidy * one more check/test * fix typo * better err names
* allow bringing your own did * tests + tidy * one more check/test * fix typo * better err names
This allows you to bring your own DID document on account creation.
When you bring your own DID document, we attempt to resolve it & ensure that the data within matches up with the intended values. Namely:
Buyer beware: we do not do that last check for did:web. If you are using a did:web DID, it is your obligation to keep your DID document up to date with the service you're using - otherwise your data may no longer be indexed.
In service of: #1001