Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SEP-45: Handle require_auth in __check_auth #1648

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

SEP-45: Handle require_auth in __check_auth #1648

wants to merge 1 commit into from

Conversation

philipliu
Copy link
Contributor

@philipliu philipliu commented Feb 10, 2025
edited
Loading

A recording simulation will not generate authorization entries required by a client contract's __check_auth implementation if it has nested require_auths. However, the client must provide these entries in the token request for the enforcing simulation to succeed. These entries do not follow the same format as the auth entries generated by the recording simulation and cannot not be verified by the server when receiving a token request.

An example of such auth entry looks like:

{
  "credentials": {
    "address": {
      "address": "GB36W6FIDEPLAH2XNM3CKJR4QRCKWVIKQANKOGWJN6NC6J3X5SVMUCPR",
      "nonce": 5990244105667177314,
      "signature_expiration_ledger": 1070813,
      "signature": {
        "vec": [
          {
            "map": [
              {
                "key": {
                  "symbol": "public_key"
                },
                "val": {
                  "bytes": "77eb78a8191eb01f576b3625263c8444ab550a801aa71ac96f9a2f2777ecaaca"
                }
              },
              {
                "key": {
                  "symbol": "signature"
                },
                "val": {
                  "bytes": "5a4147e292b3019fceb86833948642865bdb12ec71e0cf24f3238090461f6f73c2896a132b089a3c642b0b46f1500fa28cffdc4831a73e4cde52e557b9ba9c06"
                }
              }
            ]
          }
        ]
      }
    }
  },
  "root_invocation": {
    "function": {
      "contract_fn": {
        "contract_address": "CAASCQKVVBSLREPEUGPOTQZ4BC2NDBY2MW7B2LGIGFUPIY4Z3XUZRVTX",
        "function_name": "__check_auth",
        "args": [
          {
            "bytes": "ad31a086eeb53572dd5ac8c06f272c3dd86eb556ee765b9ad1c75b7691c1e6e6"
          }
        ]
      }
    },
    "sub_invocations": []
  }
}

GB36W6FIDEPLAH2XNM3CKJR4QRCKWVIKQANKOGWJN6NC6J3X5SVMUCPR auth is required for a client contract CAASCQKVVBSLREPEUGPOTQZ4BC2NDBY2MW7B2LGIGFUPIY4Z3XUZRVTX's __check_auth.

This PR relaxes the authorization entry verification performed by the server so that arbitrary authorization entries can be included in the token request.

@philipliu philipliu force-pushed the sep-45-nested-check-auth branch 6 times, most recently from 737ed93 to 5dcb933 Compare February 11, 2025 17:28
@philipliu philipliu force-pushed the sep-45-nested-check-auth branch from 5dcb933 to 7e8dc41 Compare February 11, 2025 17:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@philipliu