Closed johnsBeharry closed 2 years ago
Thanks for raising this. Same goes actually for the makeInvoice calls.
Do you think we should always prompt the user? or should we also have some kind of "allowance" for this? (as we do for payments and lnurl-auth)
While there are options some sites give when logging in to state how long the session should be kept for (remember me), I think LNURL-Auth is similar to the webln.requestProvider(). It's part of the "connect" flow so only needs to happen once unless the user disables / logs out of the site explicitly OR the extension is locked.
From my understanding, even without auth, once webln has been enabled for the publisher the site would be able to request payments. So my rationale is that once the extension is unlocked, we can assume auth is granted (access to provider, and LNURL-Auth).
For signMessage() I see this as a follow-up authorisation/verification request, so we should go with the tightest security so it is explicit to the user what data is being signed. Same would apply for makeInvoice(). Then adjust as we understand the usage of this functionality.
Explicit signMessage also helps us train user behavior and understanding of keys, which I think would be important in this new ecosystem.
Looking ahead we can adjust the initial connect modal to show these options
There is now a prompt for signMessage calls but we do not yet have the option to remember the decision.