feat(app)!: add authz to the state-machine #1540
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
TODOs(notes to myself mainly)
figure out if we need/want to add authz to our own module (to e.g. make it possible to pay for blobs or qgb txs via another account)I think the answer here is: yes, we should properly integrate authz with the blobs module. Main reason is that it can enable (e.g. rollkit) sequnecers with a known public key to delegate submitting pfbs to another hot-key, while clients can still validate against the known pub-key. The feegrant module only allows fees to be payed by the grantee the txs would be submitted by a different account/key though. This can happen in a follow-up PR though (needs an issue) and should be accompanied with a brief ADR for the rationale/motivation. Thanks to @zmanian for walking through potential user stories with me.ref: #1530
Checklist