Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Investigate reuse a Limited Access Key #922

Open
trechriron opened this issue Sep 13, 2023 · 1 comment
Open

Investigate reuse a Limited Access Key #922

trechriron opened this issue Sep 13, 2023 · 1 comment
Assignees
@kujtimprenkuSQA
Labels
Decision Further information or research is requested Emerging Tech Emerging Tech flying formation at Pagoda Near BOS NEAR BOS team at Pagoda

Comments

@trechriron
Copy link
Collaborator

Description

Kujtim Prenku
last week

@daryl Collins The first step for this task would be to update the NEP to add an explanation in the signOut method and advise wallets to not delete the key from localStorage and from the chain unless that accountId is passed to the accounts of the signOut https://github.com/near/NEPs/blob/master/specs/Standards/Wallets/InjectedWallets.md#signout method.

Then the signOut method of wallet-selector will need to be updated to take an optional accounts param so dApps can pass any account that they want to delete the key for.

For more context please have a look at older comments about this investigation.

Kujtim Prenku
June 5, 2023 at 4:44 AM

@daryl Collins We have got back to this ticket and investigated a bit more, the Injected Wallet’s standard for sginOut requires an array of accounts to be passed as a param:

https://github.com/near/NEPs/blob/master/specs/Standards/Wallets/InjectedWallets.md#signout

Maybe we can add a few paragraphs and a code example in the standard for signOut in case we don’t want the wallet to remove the key(s) from the chain we can pass an empty array to the signOut method. This will make sure that the keys are still valid since we don’t remove them on our side either.

The only “tricky” part is the ability to re-signIn with the previous account even though we might be able to change the state of the wallet selector the wallets are not aware that we have re-signIn.
If wallet builders will review the change in the standard they might have a better idea of how the re-signIn should be done.
@trechriron trechriron added Decision Further information or research is requested Emerging Tech Emerging Tech flying formation at Pagoda Near BOS NEAR BOS team at Pagoda labels Sep 13, 2023
@dim-daskalov
Copy link

Hi @trechriron, could you provide more context about this issue.
From what I see in the information provided. We need to change the signOut method in the wallet-selector to accept an optional param accounts which will hold all the accountId's that we want to remove.
The unclear part for me is coming from this line - we don’t want the wallet to remove the key(s) from the chain.
I can see in the code that the managing of the keyStore, which is responsible for saving and removing keys from the localStorage is mostly done in the integrated wallets code.
If possible could you clarify what needs to be done in the wallet-selector code other than what I mentioned, in order to achieve the keys removal from the chain.

Thanks in advance.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kujtimprenkuSQA kujtimprenkuSQA

Labels
Decision Further information or research is requested Emerging Tech Emerging Tech flying formation at Pagoda Near BOS NEAR BOS team at Pagoda
Projects
NEAR DevX
Status: Backlog 🥶
Milestone
No milestone
Development

No branches or pull requests
3 participants
@trechriron @kujtimprenkuSQA @dim-daskalov