cosmos / advocates

Cosmos Advocates
5 stars 11 forks source link

authz tutorial #22

Open okwme opened 3 years ago

okwme commented 3 years ago

i'd like to see a demonstration of authz such that a user can separate their voting capabilities from their bank. I need to look into what the exact steps are to make this happen with authz but it's likely to be the most common initial use of the module and there should be special attention paid to ensuring it's easy to understand how to do this. Likely it should involve utilizing keplr to leverage the different key capabilities in an easy to understand way.

ryanchristo commented 3 years ago

Can you clarify what you mean by "a user can separate their voting capabilities from their bank"? Would a user create multiple accounts and then configure bank authorizations for one account and gov authorizations for another? For example, Alice has an account with tokens. Alice would like to delegate her votes to Bob. Alice creates an authorization for Bob to vote on her behalf. Alice would like Carol to manage her funds. Alice creates an authorization for Carol to make transfers on her behalf.

Do you see this tutorial living in the sdk-tutorials repository? If so, would it be best to model the tutorial off of the current liquidity module tutorial, i.e. "Understand the Authz Module" section with an "Authz Module" page?

ryanchristo commented 3 years ago

Likely it should involve utilizing keplr to leverage the different key capabilities in an easy to understand way.

I like this idea but demonstrating with Keplr would require using a chain natively supported by Keplr with real funds. Any ideas?

Also, I started a draft for a tutorial that would be added to the sdk-tutorials repository. Let me know if this is the right approach.

https://github.com/cosmos/sdk-tutorials/pull/786

okwme commented 3 years ago

this draft looks like the right direction! I think specifically targeting validators who are comfortable with the CLI and pushing the message: "use a new key to do your voting" is the right way to go. It's dangerous for validators to be using their validator keys to do things like making votes. I would imagine the easiest step is delegating the authorization to another account. What does it look like for that other person to actually execute the vote on behalf of the original user tho? Do you need to customize a --generate-only vote message so it has a different from address and dump it into .json file as a parameter to something like an execute tx with the authz module? would be good to not need keplr since this should be prioritized for validators that would be comfortable with CLI (although would be amazing to eventually have in a keplr interface... this might be something that @cosmos/adoriasoft could work on)

ryanchristo commented 3 years ago

Thanks for clarification!

What does it look like for that other person to actually execute the vote on behalf of the original user tho? Do you need to customize a --generate-only vote message so it has a different from address and dump it into .json file as a parameter to something like an execute tx with the authz module?

I updated the draft and I will further refine but here are the basic steps:

https://github.com/cosmos/sdk-tutorials/pull/786/files#diff-9a116f760626f536f81ec344687c1aeab8fb3d904bd76e3a4294a9175bc07b71R143-R177

this should be prioritized for validators that would be comfortable with CLI

Ok, thanks!