Wallet revoke permissions #145
Conversation
|
If this is going to change the public JSON-RPC API, then a MIP needs to be created for this change. Going through the process would further facilitate the review/acceptance/implementation cycle. |
| }, | ||
| "value": { | ||
| "title": "CaveatValue", | ||
| "description": "Value of the caveat." |
There was a problem hiding this comment.
this is technically any. any thoughts on other ways to represent this @BelfordZ
openrpc.json
Outdated
| "result": { | ||
| "name": "UpdatedPermissionsAfterRevoke", | ||
| "description": "The list of the revoked permissions objects", | ||
| "schema": { | ||
| "$ref": "#/components/schemas/PermissionsList" | ||
| } | ||
| }, |
There was a problem hiding this comment.
Since this response is expected for a dApp that was already connected previously, will the wallet_revokePermissions RPC method will only be accessible to dApps who are connected (ie: its a restricted method)?
There was a problem hiding this comment.
It could. It doesn't have to be though, it could just return an empty array if there are no existing permissions.
There was a problem hiding this comment.
Just saw the update to the description. Makes sense now 👍
If we are allowing this method without being connected, we should ensure its resistant to timing attacks which can reveal if a specific snap or account exists on the device.
…stPermissions and revokePermissions
Description
This pull request adds the "wallet_revokePermissions" JSON-RPC method, which allows revoking permissions from the current domain. It provides the flexibility to revoke all permissions for a specified permission or revoke permissions for specific caveats like account addresses.
Changes Made