Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not able to connect with the new 3.7.0 and .btc username #2354

Closed
pradel opened this issue Apr 7, 2022 · 6 comments · Fixed by #2333
Closed

Not able to connect with the new 3.7.0 and .btc username #2354

pradel opened this issue Apr 7, 2022 · 6 comments · Fixed by #2333
Assignees
@janniks
Labels
bug Functionality broken bug-p2 Critical functionality broken for few users, with no clear workarounds

Comments

@pradel
Copy link
Contributor

pradel commented Apr 7, 2022

With the new Hiro wallet version 3.7.0, I am not able to connect to websites anymore for account that owns a .btc username. Connecting with an account that does not own an username is working fine.

This is the error I am seeing in the console:
Screenshot 2022-04-07 at 15 41 35

The ones I tried:

  • Arkadiko
  • Frens
  • Alex
@pradel pradel mentioned this issue Apr 7, 2022
Closed
@andresgalante andresgalante added the bug-p1 Critical functionality broken for many customers, with no clear workarounds label Apr 7, 2022
@markmhendrickson
Copy link
Collaborator

markmhendrickson commented Apr 7, 2022
edited
Loading

I just tried with my mark.btc name and authenticated to Arkadiko fine. I wonder if it's a particular type of .btc name 🤔

Screen.Recording.2022-04-07.at.16.29.59.mov

@markmhendrickson markmhendrickson added bug Functionality broken bug-p2 Critical functionality broken for few users, with no clear workarounds and removed bug-p1 Critical functionality broken for many customers, with no clear workarounds labels Apr 7, 2022
@markmhendrickson
Copy link
Collaborator

@pradel Do you have another .btc you can try to see if you get the same result?

@pradel
Copy link
Contributor Author

pradel commented Apr 7, 2022

I tried with 2 different ones and got the same issue

@markmhendrickson
Copy link
Collaborator

@janniks and I are thinking that this issue may get resolved by the work being done to remove BNS checking from authentication entirely here: #2333

He's going to prepare a test build and let you know here when it's ready for you to try with these .btc names that are failing for you.

@markmhendrickson markmhendrickson linked a pull request Apr 7, 2022 that will close this issue
fix: update to stacks.js 4.0.0 (removes username checking) #2333
Merged
@janniks
Copy link
Contributor

janniks commented Apr 8, 2022
edited
Loading

This is a strange one, and really two issues...

  • It seems for some accounts the username is NOT passed into the authResponse payload. These will succeed, because they essentially skip the username matching check. I couldn't figure out when it's passed and when it isn't — might need some help from the wallet team on this if we want to figure this out.
  • The username matching uses the iss/did part of the payload. This currently uses the btc-addr version of the address of the dataPrivateKey. BUT the registrar/API response's address (aka owner) includes the public address (the same address as shown in the wallet UI). So matching will fail even when it shouldn't, as it's comparing two different addresses of the same owner.

At first glance, it "looks" like the username matching check should have never worked. It's hard to track down the history of when API+stacks.js would have had matching addresses at the same time, if that was ever the case...

@janniks janniks mentioned this issue Apr 14, 2022
Merged
@markmhendrickson
Copy link
Collaborator

I'm closing this out since I believe it'll be resolved on the app's side with a Stacks.js upgrade to include hirosystems/stacks.js#1230. cc @janniks

@pradel pradel mentioned this issue Apr 21, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@janniks janniks

Labels
bug Functionality broken bug-p2 Critical functionality broken for few users, with no clear workarounds
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: update to stacks.js 4.0.0 (removes username checking) leather-io/extension
4 participants
@markmhendrickson @andresgalante @pradel @janniks