ucan-wg / ts-ucan

Auth tokens for a distributed, user-controlled world
https://www.npmjs.com/package/ucans
Apache License 2.0

Builder.delegateCapability fails for tokens originating from delegation #86

Open dholms opened 2 years ago

dholms commented 2 years ago

delegateCapability on the Builder API passes the issuer as both audience and requiredIssuer to Store.findWithCapability.

This works if the UCAN you are looking for has the capability by parenthood, but not if the capability came from delegation.

https://github.com/ucan-wg/ts-ucan/blob/main/packages/core/src/builder.ts#L224

matheus23 commented 2 years ago

Yeah, right.

It seems like we'd need to actually provide the expected rootIssuer to delegateCapability, in case a Store was passed to it.

Maybe delegateCapability should just be two functions with two different signatures.

Possibly with better names :sweat_smile:

Maybe we can drop the Capability, so it's just delegate and delegateFromStore. And simplify the param name from requiredCapability to capability.
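
A simplified TypeScript model of the lookup discussed in this thread, added here as an example; it is not ts-ucan's code and not part of either comment. It assumes `findWithCapability` returns tokens addressed to `audience` whose proof chain roots at `requiredIssuer`, and it models "by parenthood" as a chain that roots at the builder's own DID. `ModelToken`, `rootIssuerOf`, `lookupAsReported`, `lookupWithRootIssuer` and all DIDs and capability strings are hypothetical names and constructed values.

```typescript
// Simplified model of the lookup, NOT ts-ucan's code. DIDs and capability
// strings are constructed sample values.
interface ModelToken {
  issuer: string
  audience: string
  capability: string
  proof?: ModelToken // token this one was delegated from, if any
}

// Walk the proofs back to the issuer that originated the capability.
function rootIssuerOf(token: ModelToken): string {
  let current: ModelToken = token
  while (current.proof !== undefined) current = current.proof
  return current.issuer
}

// Assumed semantics of Store.findWithCapability: tokens addressed to
// `audience`, carrying `capability`, whose chain roots at `requiredIssuer`.
function findWithCapability(
  tokens: ModelToken[], audience: string, capability: string, requiredIssuer: string
): ModelToken[] {
  return tokens.filter(t =>
    t.audience === audience &&
    t.capability === capability &&
    rootIssuerOf(t) === requiredIssuer)
}

// Behaviour reported in the issue: the builder's issuer fills both slots.
function lookupAsReported(tokens: ModelToken[], issuer: string, capability: string): ModelToken | undefined {
  return findWithCapability(tokens, issuer, capability, issuer)[0]
}

// Direction proposed in the thread: the caller names the expected root issuer.
function lookupWithRootIssuer(
  tokens: ModelToken[], issuer: string, capability: string, rootIssuer: string
): ModelToken | undefined {
  return findWithCapability(tokens, issuer, capability, rootIssuer)[0]
}

const ALICE = "did:example:alice"
const BOB = "did:example:bob"
const CAROL = "did:example:carol"
const aliceToCarol: ModelToken = { issuer: ALICE, audience: CAROL, capability: "alice-notes/READ" }
const sampleTokens: ModelToken[] = [
  // Chain roots at Bob himself (modelled here as "by parenthood").
  { issuer: BOB, audience: BOB, capability: "bob-notes/READ" },
  // Alice originated this capability; it reached Bob through Carol.
  { issuer: CAROL, audience: BOB, capability: "alice-notes/READ", proof: aliceToCarol },
]
```

In this model, naming a root issuer that does not match the chain (for example Carol instead of Alice) still returns no token, so passing the root issuer explicitly keeps the lookup restrictive.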