Closed frederikrothenberger closed 11 months ago
I guess I'm missing something, but previously it was clear that the permission (e.g. for the scope
icrc25_canister_call
) is issued for the identities included in the response. With the current change, when we have two separate calls, it is not clear which identities are meant for which permissions. Maybe add an example with a typical interplay of the scopes? Or maybe we can discuss it next week?
The selection of identities and the permission scopes granted are orthogonal. This was also the case previously, but making it two separate calls makes this more explicit.
Both, identities and permission scopes are selected / granted for a specific session. And both of these things can change independently over the lifetime of that session.
I.e.:
This PR splits the identitiy information part of the existing
icrc25_request_permission
method into another method calledicrc25_get_identities
. This makes the methods more focused.The PR also adds clarifying information about how user interaction should be handled for the given methods. In particular, it allows signers to skip user interaction if the user previously approved the same request.