Page MenuHomePhabricator

[identity] use siwe message and signature from primary device as social proof
ClosedPublic

Authored by varun on Jan 31 2024, 2:10 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Nov 23, 6:28 PM
Unknown Object (File)
Sat, Nov 23, 4:55 PM
Unknown Object (File)
Sat, Nov 23, 4:35 PM
Unknown Object (File)
Sat, Nov 23, 3:05 PM
Unknown Object (File)
Sat, Nov 16, 6:16 PM
Unknown Object (File)
Sat, Nov 16, 6:16 PM
Unknown Object (File)
Sat, Nov 16, 6:16 PM
Unknown Object (File)
Sat, Nov 16, 6:16 PM
Subscribers

Details

Summary

we don't need the social_proof field in IdentityKeyInfo on wallet login. when we are registering a new wallet user, the SIWE message and signature are the social proof for the user. we can serialize this struct for now to avoid any DDB changes. in the future, we may want to store the signature and message separately, but @will can handle this as part of ENG-6372.

Test Plan

haven't tested yet, but two diffs after this one will test by calling the login_wallet_user RPC from native and confirming that the serialized social proof is present in DDB

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

varun requested review of this revision.Jan 31 2024, 2:29 PM
ashoat resigned from this revision.EditedJan 31 2024, 3:15 PM

@varun asked me to confirm that for the LogInWalletUser RPC, we should be looking at siwe_message / siwe_signature in WalletLoginRequest instead of social_proof in IdentityKeyInfo.

Confirming that here, but resigning since I don't have context on the Rust code.

Sidenote – It looks like GetInboundKeysForUser and GetOutboundKeysForUser use IdentityKeyInfo in their response types. If we remove social_proof from IdentityKeyInfo, we'll need to find another place to put it for those RPCs.

Might make sense to just fork IdentityKeyInfo. cc @will

Looks good to me. How about removing the social_proof from DeviceKeyUpload?


Sidenote – It looks like GetInboundKeysForUser and GetOutboundKeysForUser use IdentityKeyInfo in their response types. If we remove social_proof from IdentityKeyInfo, we'll need to find another place to put it for those RPCs.

Might make sense to just fork IdentityKeyInfo. cc @will

This is what ENG-6481 is about. We agreed that social proof can be removed from devices' IdentityKeyInfo and moved to the identity response field.

This revision is now accepted and ready to land.Jan 31 2024, 10:53 PM

Looks good to me. How about removing the social_proof from DeviceKeyUpload?

I assume you meant the DeviceKeyUploadActions trait. I agree we can remove social_proof() from that trait and the implementation. Will make this change before landing

This revision was landed with ongoing or failed builds.Feb 1 2024, 10:20 AM
This revision was automatically updated to reflect the committed changes.

Looks good to me. How about removing the social_proof from DeviceKeyUpload?

I assume you meant the DeviceKeyUploadActions trait. I agree we can remove social_proof() from that trait and the implementation. Will make this change before landing

Yes, exactly 👍