Allow apps to sign arbitrary data via a RPC call

[sohkai]

Some apps may require users to sign arbitrary messages, data, or even transactions. aragon.js should tell its server it has a signing request like this, to prompt it to show an appropriate screen (e.g. aragon/aragon's signer panel).

[macor161]

I'm going to give this a shot!

This is what I have in mind, let me know what you think:

1. A new method in AragonApp called sign which will have the following signature:

sign(data: string, address: string): Observable

data will be the data to sign and address will be the address to sign the data with.

2. A new request handler in aragon-wrapper that will handle the sign requests.

3. A panel to ask the user for his or her permission

[sohkai]

@macor161 Great :)!

• 1 will involve the aragon-client package, and as you'll see it'll just be marshalling the data through the messenger.
  • I think sign()'s address parameter will be filled in with the user's current unlocked account, so probably don't need to have it here
• Completely spot on with 2 :)
• 3 will need to be done in aragon/aragon, or other "server"s. They should be able to detect that a new signing request is coming through (just through an observable is fine), and appropriately show them a UI for it (e.g. our signing panel). The transaction flow is really similar.

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

This issue now has a funding of 1.15 ETH (237.42 USD @ $206.45/ETH) attached to it as part of the Aragon DAC fund.

• If you would like to work on this issue you can 'start work' on the Gitcoin Issue Details page.
  • Want to chip in? Add your own contribution here.
  • Questions? Checkout Gitcoin Help or the Gitcoin Slack
  • $50,123.95 more funded OSS Work available on the Gitcoin Issue Explorer

[frankchen07]

hey @Quazia, can you approve mul1st or arealdeadone to start work? They're waiting!

[Quazia]

@mul1sh I've approved you for work on this milestone, let us know if you have any questions.

[mul1sh]

@Quazia ok thanks for the approval, let me begin work now. Will let you know in case of any queries 🙂

[mul1sh]

@sohkai just to confirm, how should the signing occur?

Also do you have an im i.e. slack where we can chat more easily as I work on this issue? If not github comments are still fine with me 🙂

[Quazia]

https://aragon.chat/ is the main messenger, but github is probably better. I'm not sure I understand the question but I'd assume you'd use web3 to sign the data which should be in part 2 of the 3 steps above and should be in the handler.

[sohkai]

@mul1sh The request for signing should go through a similar observable as the transaction observable that a client implementation (e.g. aragon/aragon) can then pick up and show a UI for.

[jvluso]

Take a look at eip 712 and see if you can make this compatible with it.

[mul1sh]

@sohkai @Quazia @jvluso thanks for the feedback, I appreciate it 👍 let me implement it like this then, should be done in a few hours 🙂

[mul1sh]

@sohkai whats the difference between an Aragon wrapper and an Aragon app?

[gitcoinbot]

@mul1sh Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

• [x] warning (3 days)
• [ ] escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[gitcoinbot]

@mul1sh Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

• [x] warning (3 days)
• [ ] escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[mul1sh]

@sohkai @Quazia any feedback on this query? https://github.com/aragon/aragon.js/issues/124#issuecomment-434746107 , want to wrap up this issue

[sohkai]

@mul1sh The "wrapper" (as we used to call it), is aragon/aragon, and is what's used to view an org and its installed apps (e.g. aragon-apps).

In particular, aragon/aragon will need another flow in the signing panel to handle signature requests from apps, displaying both which app requested it, as well as the data they'd like to sign.

[mul1sh]

@sohkai awesome thanks for the clarification, let me wrap up this issue then

[gitcoinbot]

@mul1sh Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

• [x] reminder (3 days)
• [ ] escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[gitcoinbot]

@mul1sh Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

• [x] reminder (3 days)
• [ ] escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[mul1sh]

@gitcoinbot yeah final commit coming up shortly

[spm32]

Thanks for the update @mul1sh!

[gitcoinbot]

@mul1sh Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

• [x] reminder (3 days)
• [ ] escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[gitcoinbot]

@mul1sh Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

• [x] reminder (3 days)
• [ ] escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

@mul1sh due to inactivity, we have escalated this issue to Gitcoin's moderation team. Let us know if you believe this has been done in error!

• [x] reminder (3 days)
• [x] escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

@mul1sh due to inactivity, we have escalated this issue to Gitcoin's moderation team. Let us know if you believe this has been done in error!

• [x] reminder (3 days)
• [x] escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[mul1sh]

@gitcoinbot sorry for the silence, i'll wrap up this over the weekend because i'm still working on the signing part for the aragon part.

[mul1sh]

@sohkai one last confirmation, for the signing part in aragon, should the signing flow be the same as the one for transactions or is their a difference?

[Quazia]

@mul1sh the flow should be the same but the information on the signing panel shouldn't necesarily be the same.

[mul1sh]

@Quazia ok thanks so what info should I show in the signing panel?

[mul1sh]

@Quazia any help with the above 👆

[sohkai]

@mul1sh It should look similar to a directly invocable action, but containing the message you want to sign instead of the transaction:

[mul1sh]

@sokhai, perfect thanks for the feedback, let me wrap this up then

[rmshea]

hey @mul1sh any updates here?

[mul1sh]

@ryan-shea yes, also working on some final changes for my above PR, I'll push them by the end of this week.

[vol4tim]

Hey @mul1sh. When will the update be ready?

[mul1sh]

@vol4tim still working on it, but it will be ready by mid, this week

[Schwartz10]

@mul1sh any updates?

[mul1sh]

@Schwartz10 sorry been a bit busy again, but I will wrap this over the weekend

[stellarmagnet]

@mul1sh if you don't wrap this up over the weekend, we are going to have to take on the ticket ourselves, as it is now a blocker for our work.

[mul1sh]

@stellarmagnet sure no worries, i've actually resumed working on it now, so i'm confident by latest Sunday i'll be done. Thanks

[gitcoinbot]

⚡️ A tip worth 1.15000 ETH (327.34 USD @ $284.64/ETH) has been granted to @mul1sh for this issue from @Quazia. ⚡️

Nice work @mul1sh! Your tip has automatically been deposited in the ETH address we have on file.

• $128476.38 in Funded OSS Work Available at: https://gitcoin.co/explorer
• Incentivize contributions to your repo: Send a Tip or Fund a PR
• No Email? Get help on the Gitcoin Slack

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

This Bounty has been completed.

Additional Tips for this Bounty:

• Quazia tipped 1.1500 ETH worth 327.34 USD to mul1sh.

---

• Learn more on the Gitcoin Issue Details page
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $128,149.04 more funded OSS Work available on the Gitcoin Issue Explorer

[sohkai]

@Quazia Hmm, I think this is definitely wrong, the bounty should go to @Schwartz10 since he's implementing it.