ChainAgnostic / CAIPs

Chain Agnostic Improvement Proposals
https://chainagnostic.org
Creative Commons Zero v1.0 Universal

Feedback on Blockchain Claims for use in JWT #128

Open jaredhanson opened 2 years ago

jaredhanson commented 2 years ago

Hello! I work at Okta/Auth0, am an advisor to Dynamic, and maintain various Node.js packages for identity-related functionality (Passport.js, OAuth2orize, etc.)

I've put together a proposal on how to represent blockchain accounts and assets in a JWT. As off-chain applications adopt Web3 technologies, through specifications such as CAIP-122, this allows services to have a common way to do authorization based on accounts or assets owned (token-gating).

I'd love to get this community's feedback on the proposal. If there's interest, I will submit a PR to this repo for consideration as a CAIP. Thanks!

https://github.com/jaredhanson/id-blockchain-claims-in-jwt

bumblefudge commented 2 years ago

This is very interesting-- but I'm not sure very many of us in CASA are JW experts, much less experts in how OIDC tokens profile JW. Is the goal to get CASA feedback first and use that to define a JWT profile/scheme for IANA?

jaredhanson commented 2 years ago

Yeah, that's the objective. Standardizing the claims so they are in the IANA registry would be the ideal outcome. The specification (once finalized) could be submitted to the most relevant organization, I suspect IETF would be appropriate but it could also be hosted here if there is interest. Either way, feedback from this community would be appreciated.

awoie commented 2 years ago

I think this is really useful. This allows people to include blockchain accounts in JOSE objects without name ambiguity. Also +1 for registering in IANA after the CAIP was approved. A lot of applications don't allow custom claims if they are not registered in IANA or don't use identifiers with collision-resistant names, e.g., using reverse domain, URIs. This CAIP would solve this issue.

kdenhartog commented 2 years ago

Thanks for dropping a message here. I opened an issue on that repo, but happy to move the discussion over here. Which would you prefer @jaredhanson?

ritave commented 1 year ago

On the topic of JWTs and to add some context, MetaMask Snaps was surprised that we had a request to expose the ability to sign JWTs.

We didn't see the use-case, but if there are enough feature requests we'd like to revisit it.

bumblefudge commented 1 year ago

@jaredhanson any update here? DM me on Discord, Twitter, etc. if a 1:1 meeting would help!