search

MetaMask / metamask-extension

:globe_with_meridians: :electric_plug: The MetaMask browser extension enables browsing Ethereum blockchain enabled websites
https://metamask.io
Other
11.84k stars 4.83k forks source link

Add message-signing permission #12008

Open wbt opened 3 years ago

wbt commented 3 years ago

I have a dApp which frequently makes calls to eth_signTypedData using MetaMask, which presents a signing dialog to the user. Because there are so many of these, users can be easily annoyed and get permission fatigue, just quickly clicking to sign, and experiencing interruption in the flow of the application.

It would be much better if the dApp could request a message-signing permission and if the user has granted it, calls to eth_signTypedData would return automatically as if the user had clicked "Sign" without requiring the user interaction. This permission could be added/revoked at any time, like other optional permissions.

Steps to reproduce

  1. Visit https://metamask.github.io/test-dapp/
  2. Click "Connect" in the center near the top of the page
  3. Notice the permissions-granting flow only including the one permission to view addresses; grant connection & permission.
  4. Scroll down to the box which says "Sign Typed Data" and click Sign.
  5. Notice a popup asking you to sign a message.
  6. Click to sign.
  7. Notice the result showing a signature.
  8. Repeat steps 4-7 dozens of times to simulate dapp use.
  9. Notice you get tired of the MetaMask popup, and wish you could grant a permission to skip 5-6.

I would be happy to help with a PR to implement this if someone can help point me to approximately the right places in the code base where alterations would most likely be needed, as I'm not that familiar with the code base myself at this point.

Browser details (please complete the following information):

bschorchit commented 1 year ago

You can create a Snaps for it :)

wbt commented 1 year ago

Really? I've asked multiple folks on the Snaps team at in-person events promoting Snaps about doing something like this, and got the conclusion that it's not supported with what's currently possible in Snaps.

bschorchit commented 1 year ago

@Montoya can correct me here and give more insight into it

Montoya commented 1 year ago

Hi @wbt, what you were told is somewhat correct. There is not yet a good API for doing this with Snaps, but Snaps is the way this will be supported in the future.

Here is an example project that does permissionless aka instant confirmations: https://github.com/zaqk/metamask-snap-permissionless-transactions

Right now the way to do it is to implement confirmations custom in a keyring snap. In the future we plan to add APIs that will allow snaps to perform Ethereum account actions by talking to MetaMask instead of having to implement this with custom code. Also, Snaps is still in developer preview but should launch to the stable extension next year.

I invite you to join us in the Snaps Discussion Board with any questions you may have about building this functionality.