
Commit

Add section on permission caveats
FrederikBolding committed Oct 19, 2023
1 parent 28cac41 commit 257e6b4
Showing 1 changed file with 16 additions and 5 deletions.
21 changes: 16 additions & 5 deletions SIPS/sip-14.md
Expand Up @@ -38,19 +38,33 @@ The new field can be specified as follows in a `snap.manifest.json` file:
"endowment:transaction-insight": {}
},
"dynamicPermissions": {
"snap_dialog": {}
"snap_dialog": {},
"snap_getBip44Entropy": [
{
"coinType": 1
},
{
"coinType": 3
}
]
}
}
```

### Permission caveats and merging

In this initial version, duplicated permissions in `initialPermissions` and `dynamicPermissions` MUST NOT be allowed. A permission MUST only be able to exist in one of the manifest fields.

Furthermore, permissions specified in `dynamicPermissions` MUST contain the caveats that will be requested at runtime and the permission request MUST fully match the caveats specified in the manifest.

### RPC Methods

This SIP also proposes new RPC methods to manage these new permissions:

#### snap_requestPermissions
This RPC method SHOULD function as a subset of the existing `wallet_requestPermissions` RPC method and take the same parameters and have the same return value. This function MAY be a middleware that rewrites requests to `wallet_requestPermissions` if needed.

This RPC method MUST prompt the user to get consent for any requested permissions and MUST validate that the requested permissions are specified in the manifest before continuing its execution.
This RPC method MUST prompt the user to get consent for any requested permissions and MUST validate that the requested permissions are specified in the manifest before continuing its execution (including caveats matching).

#### snap_getPermissions
This RPC method SHOULD be an alias for `wallet_getPermissions`, MAY be used by the snap for verifying whether it already has the permissions needed for operating. The return value and parameters SHOULD match the existing specification.
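Review bot: In the new "Permission caveats and merging" section, "the permission request MUST fully match the caveats specified in the manifest" does not define what counts as a match. With the example's `snap_getBip44Entropy` listing `coinType` 1 and 3, it is unclear whether a runtime request for only `coinType` 1 is valid, or whether the order of entries matters. Suggest stating the comparison explicitly (exact equality of the caveat set, or subset allowed) and whether the duplicate check between `initialPermissions` and `dynamicPermissions` is by permission name alone. In `snap_requestPermissions`, the trailing "(including caveats matching)" would read more clearly folded into the requirement itself, e.g. "MUST validate that the requested permissions, including their caveats, are specified in the manifest".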
Expand All @@ -62,9 +76,6 @@ Note: This RPC method does not currently have a `wallet_` counterpart. Coordinat

This RPC method MUST validate that the permissions requested to be revoked does not contain or overlap with the `initialPermissions`.

### Permission Caveats
TBD

## Copyright

Copyright and related rights waived via [CC0](../LICENSE).
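Review bot: With the "Permission Caveats / TBD" placeholder removed, the revoke requirement left as context here ("does not contain or overlap with the `initialPermissions`") still says nothing about caveats, while `snap_requestPermissions` was updated for caveat matching. Suggest stating whether revocation applies to a whole permission or can target individual caveats, or noting that caveats do not matter for this check because a permission can only exist in one manifest field. Minor: "the permissions requested to be revoked does not" should read "do not".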
