-
-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wallet revoke permissions #145
Conversation
If this is going to change the public JSON-RPC API, then a MIP needs to be created for this change. Going through the process would further facilitate the review/acceptance/implementation cycle. |
}, | ||
"value": { | ||
"title": "CaveatValue", | ||
"description": "Value of the caveat." |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is technically any
. any thoughts on other ways to represent this @BelfordZ
openrpc.json
Outdated
"result": { | ||
"name": "UpdatedPermissionsAfterRevoke", | ||
"description": "The list of the revoked permissions objects", | ||
"schema": { | ||
"$ref": "#/components/schemas/PermissionsList" | ||
} | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this response is expected for a dApp that was already connected previously, will the wallet_revokePermissions
RPC method will only be accessible to dApps who are connected (ie: its a restricted method)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It could. It doesn't have to be though, it could just return an empty array if there are no existing permissions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just saw the update to the description. Makes sense now 👍
If we are allowing this method without being connected, we should ensure its resistant to timing attacks which can reveal if a specific snap or account exists on the device.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
…stPermissions and revokePermissions
Description
This pull request adds the "wallet_revokePermissions" JSON-RPC method, which allows revoking permissions from the current domain. It provides the flexibility to revoke all permissions for a specified permission or revoke permissions for specific caveats like account addresses.
Changes Made