Design TokenScript for attestation tokens

[AW-STJ]

@oleggrib - can you share your requirement for TokenScript

[oleggrib]

List of the properties to describe in TokenScript:

• TokenName
• TokenDescription
• TokenWebsiteURL
• Token schema (property->type)
• attestationOrigin
• AttestorPublicKey
• tokenOrigin
• magicLinkParamsSchema (token, secret, pok ,id, type)
• localStorageDBName
• localStorageTokenItemName
• localStorageEthKeyItemName
• tokenUniqueIdParam
• IssuerPublicKey
• WhiteListDomainNames
• CryptoVerifyServerAPIEndpopint
• DomainsWhiteList
• DomainsBlackList

@nicktaras , do you need some additional properties in the TokenScript to describe specific token?

[oleggrib]

I can see config data in the Readme.md in the https://github.com/TokenScript/token-negotiator

those data must be syncronized with backend validator, other services who use this token etc.

Also webster have to know some tech info about this Token and can make mistake somewhere.

In case if we finish this task then we can pass just tokenName to the Negotiator, other data can be fetched from remote XML file.

Lets do next:

• define fields list
• create XML file with embedded token data
• copy XML parser code from https://testshop.antopolbus.rv.ua/ts3/passive-negotiation.html, its vanilla JS, I have improved version in TS as angular service

@nicktaras @micwallace @foxgem @AW-STJ

[micwallace]

Yep 100% agree Oleh. As soon as we get this into TokenScript we can take advantage of the TokenScript signing security.

[oleggrib]

@micwallace , @nicktaras do you work on this issue? if no then lets make simple JSON file (as forst draft) in specific location and read it from there. ok? I can do the PR.

[oleggrib]

@micwallace , @nicktaras will we still duplicate config? out backend should validate it too, so we need aligned config. With more duplication more chanses make mistake.

[AW-STJ]

I will escalate this with @weiwu-zhang. We had discussed this recently as well.

If we are hitting this issue again, and is related to attestation.id as well, then its high time to decide on the config before moving forward

[oleggrib]

If we are hitting this issue again, and is related to attestation.id as well, then its high time to decide on the config before moving forward

@AW-STJ , This questions is not related to attestation.id (we use OTP email verification, so attestation.id completely separated from token), but related to tokenNegotiator.Client, tokenNegotiator.Client, crypto-verify and hotelBogota_backend(in case if third party website validate data without API)

[micwallace]

Some redundant field have been removed from the negotiator interfaces. Defaults are still set in Outlet but can be overridden. Currently, here is what is required in both client and outlet:

export interface OffChainTokenConfig {
    title: string;
    image: string;
    tokenOrigin: string;
    unEndPoint: string;
    attestationOrigin: string;
    tokenParser?: any; // Note: This will be changed to tokenSchema, which will be embedded in the XML
    base64senderPublicKeys: {[devconId: string]: string};
    base64attestorPubKey: string;
}

I have created a dynamic schema parser that works with asn1-schema library to parse & serialize asn1 based on a JSON schema definition. This can be used to parse an arbitrary token schema defined within XML.