Open menxit opened 4 years ago
So, some sort of RPC to drive the wallet from local apps. Nice idea!
One thing we would be wary of is that this opens local exploits. Maybe authorize is there for some mitigation, but as a minimum protection, we can think of:
Another thing we can think of - nothing critical but thinking long term, maintainability, compatibility and less possible future technical debt - is to look at what ETH uses for command/method names for such things. May seem silly, but if eth wallets or nodes have some similar commands, keeping the method and param names the same means it's way easier to document, point to an existing spec, and easier for eth devs to jump in. Custom names will mean translation layers, incompatible implementations between wallets and so on. Not sure if there is a standard for this specifically, but worth looking at before defining custom commands. Just a hint to avoid future pain and lead the way.
This issue is about making idena-pocket able to be a bridge signer for external Dapps. The idea is to base the communication on window.postMessage. An external Dapp can open idena-pocket and send arbitrary messages:
On the other side idena-pocket should be able to manage these messages, accepting only the ones described by the following protocol.
Protocol
Protocol is based on three different types of messages:
REQUEST: messages sent by external dapp
RESULT: messages sent by idena-pocket
ERROR: error sent by idena-pocket
Authorize
Retrieve address
Send transaction
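
The filtering described above (accept only protocol messages, authorize before anything else), as an added example that is not part of the original issue or idena-pocket's code. The message fields (`id`, `method`, `params`, `payload`), the method names and the `state` and `confirmWithUser` helpers are assumptions made for illustration.

```javascript
// Added example: message shape and names are assumptions, not idena-pocket's protocol.
const ALLOWED_METHODS = new Set(['authorize', 'retrieveAddress', 'sendTransaction']);

// Builds the reply for one incoming postMessage event, or returns null to drop it.
// state.authorized is the set of origins the user approved through 'authorize'.
function handleDappMessage(event, state, confirmWithUser) {
  const { origin, data } = event;
  // Opaque origins serialize as the string "null"; they cannot be authorized.
  if (typeof origin !== 'string' || origin === 'null') return null;
  // Anything that is not a well-formed REQUEST is dropped without a reply.
  if (data === null || typeof data !== 'object' || data.type !== 'REQUEST') return null;
  const { id, method, params } = data;
  if (typeof id !== 'string' && typeof id !== 'number') return null;
  const reply = (type, payload) => ({ targetOrigin: origin, message: { type, id, payload } });

  if (!ALLOWED_METHODS.has(method)) return reply('ERROR', 'unknown method');
  if (method === 'authorize') {
    if (!confirmWithUser(origin, method, params)) return reply('ERROR', 'rejected by user');
    state.authorized.add(origin);
    return reply('RESULT', true);
  }
  // Every other method requires prior authorization of this exact origin.
  if (!state.authorized.has(origin)) return reply('ERROR', 'origin not authorized');
  if (method === 'retrieveAddress') return reply('RESULT', state.address);
  // sendTransaction: ask the user every time, showing the requesting origin.
  if (!confirmWithUser(origin, method, params)) return reply('ERROR', 'rejected by user');
  return reply('RESULT', state.sign(params));
}

// Browser wiring: reply only to the sender, at its own origin, never '*'.
if (typeof window !== 'undefined') {
  const state = { authorized: new Set(), address: 'CONSTRUCTED-ADDRESS', sign: () => 'signed' };
  window.addEventListener('message', (event) => {
    const ask = (o, m) => window.confirm(`${o} requests ${m}`);
    const out = handleDappMessage(event, state, ask);
    if (out && event.source) event.source.postMessage(out.message, out.targetOrigin);
  });
}
```

Replying with the sender's own origin as `targetOrigin` keeps a RESULT from being delivered to a page that navigated the Dapp's window elsewhere after the request was sent.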