New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorization verification methods should fetch the function name from the host #477
Comments
We were talking about this in stellar-deprecated/soroban-token-contract#81, but I really don't think this is a good idea. What kind of authorization you're checking should be very explicit, and it might not correspond to the contract function that was called. Let me give you an example. Consider a contract that contains 3 functions: |
That's a good point. We could add a second |
My vote is for simple and explicit here. I want to know the way in which a signature I'm verifying will be used (eg. what function), and it should be readily apparent to anyone writing the code. I don't think it's onerous to do this by hand, but maybe other people disagree with that. |
That's a good point, when @sisuresh and I discussed this recently we were really concerned with the simplest case of auth, but it isn't the only. I think we'll benefit from providing one and only one auth mechanism. It may make sense to still have an SDK function that provides the currently invoked function, but the auth module doesn't use it and it is something the developer can choose to use. Depending on how someone structures there code it may not always be convenient to pass around the symbol, and it may not always be not-error prone. |
Agreed. I'm don't think I'm opposed to the function, although I do think the documentation for it will need a big warning on it (which makes me think we maybe shouldn't do it but I need to really evaluate that). |
What would we put as the warning? |
Something to the effect of
I'm honestly not even sure if that is dire enough even though it says "WARNING" several times. My gut says this is so error-prone that we shouldn't provide it unless someone can provide a compelling argument for a contract that requires it. |
The
check_*_auth
methods take aSymbol
as an input. This parameter should be the current contract function, so instead of taking it as input, it could be fetched from the host.The text was updated successfully, but these errors were encountered: