[Wallet Fix] Authorize signing with respect to authToken rather than selected account #471

Open
Michaelsulistio opened this issue May 22, 2023 · 1 comment

Michaelsulistio commented May 22, 2023

Issue

Currently, mobile wallets, like Phantom and Solflare, are signing MWA requests only if the authToken matches the selected account in the wallet app. If there is a mismatch, then the request will fail with an authToken invalid error.

This is actually incorrect behavior according to the MWA spec because the authToken is valid. See the repro for an example.

This is poor UX for users that could have multiple accounts for different dApps. Users are bound to encounter this issue and won't fully understand how to fix it (they need to switch back to 'Account 1' in the wallet app or disconnect from the wallet and reconnect with 'Account 2').

Repro/Video
Steps to repro:

  1. User is currently selected on Wallet App Account 1
  2. User connects to Wallet App on dApp and is authorized and given authToken Z
  3. User switches back to Wallet App and switches to Account 2
  4. User switches back to dApp and tries to authorize with authToken Z for signing/sending, and fails with SolanaMobileWalletAdapterError: -1/auth_token not valid for signing

| Phantom | Solflare | Ultimate |
| --- | --- | --- |
| Phantom Repro Video | TODO | TODO |

Proposal/Fix
The wallet should conform to the MWA Spec and always sign a transaction if the authToken is valid (and sign with the authorized accounts). From the spec "the wallet endpoint should sign the transactions with the private keys for the requested authorized account addresses, and return the signed transactions to the dapp endpoint."

When requested for signing, the wallet app should:

  1. Check the transactions for requested account signatures
  2. Check the authToken for authorized accounts
  3. Sign the transactions with the private keys for the requested authorized accounts
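
The three steps above as wallet-side decision logic, in an added JavaScript example that is not part of the original issue or of any wallet's code. The token store, account names and the `resolveSigners` function are hypothetical, and all data is constructed.

```javascript
// Constructed wallet state (hypothetical names throughout).
// Grants recorded at authorize time: authToken -> accounts the user approved.
const issuedTokens = new Map([
  ["token-Z", { dapp: "https://dapp.example", accounts: ["Account1Pubkey"] }],
]);
// Accounts this wallet holds private keys for.
const keystore = new Set(["Account1Pubkey", "Account2Pubkey"]);

// Decide which keys sign a request. `selectedAccount` (the account currently
// shown in the wallet UI) is accepted only to show that it is never consulted.
function resolveSigners(authToken, transactions, selectedAccount) {
  const grant = issuedTokens.get(authToken);
  if (!grant) {
    // Unknown or revoked token: the only case where the token itself is invalid.
    return { ok: false, error: "auth_token not valid for signing" };
  }
  const authorized = new Set(grant.accounts);
  const plan = [];
  for (const tx of transactions) {
    // Step 1: accounts whose signatures the transaction requests.
    // Step 2: keep only those the authToken covers (and that we hold keys for).
    const signers = tx.requiredSigners.filter(
      (account) => authorized.has(account) && keystore.has(account)
    );
    if (signers.length === 0) {
      // Never fall back to the selected account: the dApp was not granted it.
      return { ok: false, error: "no authorized signer requested", tx: tx.id };
    }
    plan.push({ tx: tx.id, signers });
  }
  // Step 3: the caller signs each transaction with exactly these keys.
  return { ok: true, plan };
}

// Repro from the issue: token Z was granted for Account 1, Account 2 is selected.
const repro = resolveSigners(
  "token-Z",
  [{ id: "tx1", requiredSigners: ["Account1Pubkey"] }],
  "Account2Pubkey"
);
console.log(JSON.stringify(repro));
```

The same rule cuts both ways: a request under token Z that asks for Account 2's signature is refused even while Account 2 is selected, because the token never covered it.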
steveluscher commented May 23, 2023

Not to pick on Phantom here but the same confusing UX exists on desktop.

  1. ‘Connect’ website X to wallet A using the Phantom browser extension
  2. Website X caches the authorized pubkey (eg. in localStorage)
  3. Switch to wallet B in the Phantom browser extension

Having switched away from wallet A, the authorization that website X sought from the Phantom browser extension (eg. the pubkey of that account) is unusable until the user switches from wallet B back to wallet A.

As I move between websites and wallets in the Phantom UI, mismatches between the wallet a website received authorization for and the wallet that's currently selected in the Phantom browser extension are a persistent source of microaggression that contributes to the ecosystem feeling a bit janky. I'd love to see wallets simply honour the authorizations they dole out, when asked, as you've described.
