-
Notifications
You must be signed in to change notification settings - Fork 116
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PKG -- [sdk] Use keyID from signatures #1679
base: master
Are you sure you want to change the base?
Conversation
🦋 Changeset detectedLatest commit: a2dfa14 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Hey @scottphc! Thank you for submitting this PR! I'm wondering if FCL's existing Also i'm thinking that changing the account/keys combinations(s) after |
Hi @JeffreyDoyle! Unfortunately, I'm thinking that authorizers in payload are only addresses and the keyId may not affect other signers/authorizers? |
Hey @scottphc! The FCL team has had a lot of discussions surrounding this PR. The consensus we have ultimately landed on here is that this is something that should be able to be done in the The suggestion here would be to do a lot of what you traditionally do in the
I understand the inconvenience associated with implementing these changes, so I just wanted to give some context on why this PR won't be merged. The reasoning boils down to what the Do you see any reason that this approach may not work? |
I think PR here is the correct approach. I don't understand why it is not merged? KeyId is part of signature, am I missing something here? I think this is an FCL bug that you need to provide keyId in advance. It shouldn't matter to dapp which keys I choose to provide, as long as I provide valid keys and have total key weight. I think @tarakby can explain better than I do.
I think this is bad design, building on this assumption is the problem here. FCL should not make any assumptions on its own like this. If I can build a transaction with cli, send people to sign (with arbitrary keyId), and send to network, and network says this is valid transaction, SDK putting arbitrary limits on this flow is fault of SDK.
I think we can assure backwards compatibility here easily, by overriding keyId only if provided in the signature. ( which is already done in the PR ) |
Thanks for the tag!
This sentence sounds valid to me, as long as the signers provide the keys they used for each signature. Unfortunately I am not familiar with FCL use cases and not sure I understood the arguments above correctly (I work more on the protocol side). I'll ping the FCL guys to have a look again at this issue. |
Hi, are there any updates on this? |
Blocto is now sunsetting their v1 wallet and this PR has not been resolved yet? They recommend that dapps use their fork of fcl? |
Hey everyone. I've just opened a FLIP with proposed changes to the FCL specification in order to solve this issue. onflow/flips#215 We should try to move discussion of this issue here :) |
The reason why this is crucial for us is that for our non-custodial users, each device they login with have a different key. When a transaction request appears, it is pushed to all of their devices and we can't know in advance which device they will use to sign the transaction.
cc @boczeratul