From 54fdd48fa1c71d9f97e282274887fa8913761597 Mon Sep 17 00:00:00 2001
From: Jordan Ribbink
Date: Thu, 8 May 2025 16:32:36 -0700
Subject: [PATCH 1/4] Remove erroneous appIdentifier
---
 docs/tools/clients/fcl-js/proving-authentication.mdx | 5 -----
 docs/tools/wallet-provider-spec/provable-authn.md | 1 -
 2 files changed, 6 deletions(-)
diff --git a/docs/tools/clients/fcl-js/proving-authentication.mdx b/docs/tools/clients/fcl-js/proving-authentication.mdx
index 9c0eeaa903..c9a799e84a 100644
--- a/docs/tools/clients/fcl-js/proving-authentication.mdx
+++ b/docs/tools/clients/fcl-js/proving-authentication.mdx
@@ -92,11 +92,6 @@ The data within the `account-proof` service will look like this:
 nonce: "75f8587e5bd5f9dcc9909d0dae1f0ac5814458b2ae129620502cb936fde7120a",
 signatures: [CompositeSignature],
-
- // The app identifier is used to uniquely identify the application and is automatically
- // derived from the RFC 6454 application origin by the FCL client. Wallets will embed this
- // in the signed response to be treated as an attestation to the validity of this origin.
- appIdentifier: "https://myapp.com"
 }
 }
 ```
diff --git a/docs/tools/wallet-provider-spec/provable-authn.md b/docs/tools/wallet-provider-spec/provable-authn.md
index ad63d09bb5..e48acc777a 100644
--- a/docs/tools/wallet-provider-spec/provable-authn.md
+++ b/docs/tools/wallet-provider-spec/provable-authn.md
@@ -97,7 +97,6 @@ WalletUtils.onMessageFromFcl(
 // Nonce signed by the current account-proof (minimum 32 bytes in total, i.e 64 hex characters)
 nonce: "75f8587e5bd5f9dcc9909d0dae1f0ac5814458b2ae129620502cb936fde7120a",
 signatures: [CompositeSignature],
- appIdentifier: "https://myapp.com"
 }
 }
 ```
From 95272e386abda3dde575073978f81722e142c58c Mon Sep 17 00:00:00 2001
From: Jordan Ribbink
Date: Thu, 8 May 2025 16:37:14 -0700
Subject: [PATCH 2/4] fix RFC
---
 docs/tools/wallet-provider-spec/provable-authn.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/tools/wallet-provider-spec/provable-authn.md b/docs/tools/wallet-provider-spec/provable-authn.md
index e48acc777a..846ff461b2 100644
--- a/docs/tools/wallet-provider-spec/provable-authn.md
+++ b/docs/tools/wallet-provider-spec/provable-authn.md
@@ -16,7 +16,7 @@ For example, it can be sent to the App’s backend and after validating the sign
 1. Wallet receives Authn `FCL:VIEW:READY:RESPONSE` request and parses out the `appIdentifier`, and `nonce`.
 2. The wallet authenticates the user however they choose to do, and determines the user's account `address`
 4. The wallet must validate the `appIdentifier` against the RFC 6454 origin of the request if it matches the
- format of a RFC 3454 URI. Requests with a mismatch should be rejected. Some legacy systems may use arbitrary strings as `appIdentifier` and not RFC 6454 origins. In this case, wallets should display a warning to the user that the app identifier does not match the origin of the request.
+ format of a [RFC 3986](https://www.rfc-editor.org/rfc/rfc3986) URI. Requests with a mismatch should be rejected. Some legacy systems may use arbitrary strings as `appIdentifier` and not [RFC 6454](https://www.rfc-editor.org/rfc/rfc6454.html) origins. In this case, wallets should display a warning to the user that the app identifier does not match the origin of the request.
 5. Wallet prepares and signs the message:
 - Encodes the `appIdentifier`, `nonce`, and `address` along with the `"FCL-ACCOUNT-PROOF-V0.0"` domain separation tag, [using the encoding scheme described below](#account-proof-message-encoding).
 - Signs the message with the `signatureAlgorithm` and `hashAlgorithm` specified on user's key. **It is highly recommended that the wallet display the message data and receive user approval before signing.**
@@ -56,7 +56,7 @@ WalletUtils.onMessageFromFcl(
 const {address, nonce, appIdentifier} = data.data
 // Validate the origin
- if (origin !== appIdentifier) {
+ if (appIdentifier !==
 throw new Error("Invalid origin")
 }
From ac622e7ab3b1485456df411dd7da0900b0d588c1 Mon Sep 17 00:00:00 2001
From: Jordan Ribbink
Date: Thu, 8 May 2025 16:40:20 -0700
Subject: [PATCH 3/4] Update logic
---
 docs/tools/wallet-provider-spec/provable-authn.md | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/docs/tools/wallet-provider-spec/provable-authn.md b/docs/tools/wallet-provider-spec/provable-authn.md
index 846ff461b2..486795e956 100644
--- a/docs/tools/wallet-provider-spec/provable-authn.md
+++ b/docs/tools/wallet-provider-spec/provable-authn.md
@@ -55,9 +55,12 @@ WalletUtils.onMessageFromFcl(
 (data, {origin}) => {
 const {address, nonce, appIdentifier} = data.data
- // Validate the origin
- if (appIdentifier !==
- throw new Error("Invalid origin")
+ // Check if the appIdentifier is a valid RFC 3986 URI
+ if (!isValidOrigin(appIdentifier)) {
+ // Warn the user that the appIdentifier does not match the origin and to proceed with caution
+ } else if (origin !== appIdentifier) {
+ // Reject the request if the appIdentifier is a valid RFC 3986 URI but does not match the origin
+ throw new Error("Invalid appIdentifier")
 }
 const message = WalletUtils.encodeAccountProof(
From e5bf45055c5a84a3c980cf5ceaf8fb1fa8edc7c4 Mon Sep 17 00:00:00 2001
From: Jordan Ribbink
Date: Thu, 8 May 2025 16:48:39 -0700
Subject: [PATCH 4/4] change func name
---
 docs/tools/wallet-provider-spec/provable-authn.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/tools/wallet-provider-spec/provable-authn.md b/docs/tools/wallet-provider-spec/provable-authn.md
index 486795e956..fde05e11f2 100644
--- a/docs/tools/wallet-provider-spec/provable-authn.md
+++ b/docs/tools/wallet-provider-spec/provable-authn.md
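Review bot: In the `@@ -55,9 +55,12 @@` hunk of PATCH 3/4, the `if (!isValidOrigin(appIdentifier))` branch (renamed `isRfc3986Uri` in PATCH 4/4) contains only a comment, so a wallet that copies this sample falls through to `WalletUtils.encodeAccountProof(` and signs a proof for an arbitrary-string identifier without any warning actually being shown. Step 4 of the spec text says wallets should display a warning in that case, so the sample would be safer with a visible placeholder for that step, for instance a wallet-defined call such as `warnUnverifiedAppIdentifier(appIdentifier)` (placeholder name, not an existing API) placed before signing. The comment in that branch also says the identifier "does not match the origin", while the condition only tests whether it parses as a URI; `// appIdentifier is not a URI and cannot be checked against origin: warn the user before signing` would describe it accurately. The handler body continues past the end of the hunk, so how signing is gated after this check is not visible here.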
@@ -56,7 +56,7 @@ WalletUtils.onMessageFromFcl(
 const {address, nonce, appIdentifier} = data.data
 // Check if the appIdentifier is a valid RFC 3986 URI
- if (!isValidOrigin(appIdentifier)) {
+ if (!isRfc3986Uri(appIdentifier)) {
 // Warn the user that the appIdentifier does not match the origin and to proceed with caution
 } else if (origin !== appIdentifier) {
 // Reject the request if the appIdentifier is a valid RFC 3986 URI but does not match the origin