From 3aa74efe509a4a6dfa477352305625b21bb3c636 Mon Sep 17 00:00:00 2001 From: Bjarte Stien Karlsen Date: Wed, 18 May 2022 13:48:18 +0200 Subject: [PATCH 1/8] started on flip --- flips/20220518-authaccount-identity.md | 55 ++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 flips/20220518-authaccount-identity.md diff --git a/flips/20220518-authaccount-identity.md b/flips/20220518-authaccount-identity.md new file mode 100644 index 000000000..1b61bcd15 --- /dev/null +++ b/flips/20220518-authaccount-identity.md @@ -0,0 +1,55 @@ +# Title of FLIP + +| Status | (Proposed / Rejected / Accepted / Implemented) | +:-------------- |:---------------------------------------------------- | +| **FLIP #** | [NNN](https://github.com/onflow/flow/pull/NNN) (update when you have PR #) | +| **Author(s)** | Bjate Stien Karlsen (bjarte@find.xyz) | +| **Sponsor** | AN Expert (core-contributor@example.org) | +| **Updated** | 2022-05-18 | + +## Objective + +One of the most asked questions in the discord server is "how do i know what user called this method". In solidty the answer is "msg.sender", that pattern does not work on flow and it is not recommended to do things that way. + +One of the reasons it is not recommended is that there is no secure way of doing that. + +This FLIP aims to create an way to do it securely. Note that the FLIP does not cover when you should use this instead of other patterns for identifying the sender, it only covers that _if_ you need to do it you have a save way to do si. + +## Motivation + +Make is secure to identify that a particular auth account signed a transaction + +## User Benefit + +It makes it possible to use patterns that are common to solidity developers in flow + +## Design Proposal + +The design proposal and a implementation is provided in the following PR +https://github.com/onflow/cadence/pull/1363/files + +### Drawbacks + +It makes it possible to do something that it is documented is not best practice. Should this documentation be changed? + + +### Best Practices + +It makes it possible to do something that it is documented is not best practice. Should this documentation be changed? + +### Tutorials and Examples + +See PR for examples and changed docs + +### User Impact + +A user will be able to call `authAccount.identity` and get something that can verify that account but cannot be obtained any other way + + +## Related Issues + +https://github.com/onflow/cadence/pull/1363/files + +## Prior Art + +Solidity user msg.sender to identify who as signed a transaction From d330faea1fecede1a3eff773d379976374e7acf6 Mon Sep 17 00:00:00 2001 From: "Bjarte S. Karlsen" Date: Sat, 23 Jul 2022 16:42:17 +0200 Subject: [PATCH 2/8] Update flips/20220518-authaccount-identity.md Co-authored-by: Paul Gebheim --- flips/20220518-authaccount-identity.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flips/20220518-authaccount-identity.md b/flips/20220518-authaccount-identity.md index 1b61bcd15..19a177ef6 100644 --- a/flips/20220518-authaccount-identity.md +++ b/flips/20220518-authaccount-identity.md @@ -11,9 +11,9 @@ One of the most asked questions in the discord server is "how do i know what user called this method". In solidty the answer is "msg.sender", that pattern does not work on flow and it is not recommended to do things that way. -One of the reasons it is not recommended is that there is no secure way of doing that. +One of the reasons it is not recommended is that there is no secure way of doing that. This FLIP aims to create a way to do it securely. -This FLIP aims to create an way to do it securely. Note that the FLIP does not cover when you should use this instead of other patterns for identifying the sender, it only covers that _if_ you need to do it you have a save way to do si. +*Note: This FLIP does not cover __when__ you should use this instead of other patterns for identifying the sender, it only provides a way to do it safely _if_ you need to do it. ## Motivation From 106f4552de38732c4518b45e9756139ac468a813 Mon Sep 17 00:00:00 2001 From: "Bjarte S. Karlsen" Date: Sat, 23 Jul 2022 16:42:27 +0200 Subject: [PATCH 3/8] Update flips/20220518-authaccount-identity.md Co-authored-by: Paul Gebheim --- flips/20220518-authaccount-identity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flips/20220518-authaccount-identity.md b/flips/20220518-authaccount-identity.md index 19a177ef6..75db8ac24 100644 --- a/flips/20220518-authaccount-identity.md +++ b/flips/20220518-authaccount-identity.md @@ -17,7 +17,7 @@ One of the reasons it is not recommended is that there is no secure way of doing ## Motivation -Make is secure to identify that a particular auth account signed a transaction +Add a secure to identify if a particular auth account signed a transaction. ## User Benefit From 37d5a8cd80c38688d1896f85f2bdcacf7c651f0a Mon Sep 17 00:00:00 2001 From: "Bjarte S. Karlsen" Date: Sat, 23 Jul 2022 16:42:35 +0200 Subject: [PATCH 4/8] Update flips/20220518-authaccount-identity.md Co-authored-by: Paul Gebheim --- flips/20220518-authaccount-identity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flips/20220518-authaccount-identity.md b/flips/20220518-authaccount-identity.md index 75db8ac24..b4e770e62 100644 --- a/flips/20220518-authaccount-identity.md +++ b/flips/20220518-authaccount-identity.md @@ -21,7 +21,7 @@ Add a secure to identify if a particular auth account signed a transaction. ## User Benefit -It makes it possible to use patterns that are common to solidity developers in flow +It makes it possible to use patterns that are common to Solidity developers in Flow. ## Design Proposal From 0aa49c5a0f74b9efab8748a58ec81b80596ab86a Mon Sep 17 00:00:00 2001 From: "Bjarte S. Karlsen" Date: Sat, 23 Jul 2022 16:42:52 +0200 Subject: [PATCH 5/8] Update flips/20220518-authaccount-identity.md Co-authored-by: Paul Gebheim --- flips/20220518-authaccount-identity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flips/20220518-authaccount-identity.md b/flips/20220518-authaccount-identity.md index b4e770e62..94f8368fb 100644 --- a/flips/20220518-authaccount-identity.md +++ b/flips/20220518-authaccount-identity.md @@ -30,7 +30,7 @@ https://github.com/onflow/cadence/pull/1363/files ### Drawbacks -It makes it possible to do something that it is documented is not best practice. Should this documentation be changed? +Currently the documentation states that this pattern is not a best practice. Should this documentation be changed? ### Best Practices From 92434d87a0b01573bd9f0759f60582741d5209f1 Mon Sep 17 00:00:00 2001 From: "Bjarte S. Karlsen" Date: Sat, 23 Jul 2022 16:43:04 +0200 Subject: [PATCH 6/8] Update flips/20220518-authaccount-identity.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Bastian Müller --- flips/20220518-authaccount-identity.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/flips/20220518-authaccount-identity.md b/flips/20220518-authaccount-identity.md index 94f8368fb..7f5c9390f 100644 --- a/flips/20220518-authaccount-identity.md +++ b/flips/20220518-authaccount-identity.md @@ -9,7 +9,8 @@ ## Objective -One of the most asked questions in the discord server is "how do i know what user called this method". In solidty the answer is "msg.sender", that pattern does not work on flow and it is not recommended to do things that way. +One of the most asked questions regarding access control in Cadence is: "How do I know what user called this method?". In Solidity the answer is `msg.sender`. +However, [this pattern has several problems](https://docs.onflow.org/cadence/msg-sender/) and it is not recommended. One of the reasons it is not recommended is that there is no secure way of doing that. This FLIP aims to create a way to do it securely. From e21d06e16f5ad2d3d61a7fe95cf61dc76dddad3e Mon Sep 17 00:00:00 2001 From: "Bjarte S. Karlsen" Date: Sat, 23 Jul 2022 16:44:53 +0200 Subject: [PATCH 7/8] Update flips/20220518-authaccount-identity.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Bastian Müller --- flips/20220518-authaccount-identity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flips/20220518-authaccount-identity.md b/flips/20220518-authaccount-identity.md index 7f5c9390f..2c5e800f5 100644 --- a/flips/20220518-authaccount-identity.md +++ b/flips/20220518-authaccount-identity.md @@ -53,4 +53,4 @@ https://github.com/onflow/cadence/pull/1363/files ## Prior Art -Solidity user msg.sender to identify who as signed a transaction +Solidity provides the `msg.sender` field which allows identifying who signed the currently running transaction. From 057277f961f5c78f0e3cfc14b46834255091e7d5 Mon Sep 17 00:00:00 2001 From: "Bjarte S. Karlsen" Date: Sat, 23 Jul 2022 16:45:05 +0200 Subject: [PATCH 8/8] Update flips/20220518-authaccount-identity.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Bastian Müller --- flips/20220518-authaccount-identity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flips/20220518-authaccount-identity.md b/flips/20220518-authaccount-identity.md index 2c5e800f5..878b3d1b4 100644 --- a/flips/20220518-authaccount-identity.md +++ b/flips/20220518-authaccount-identity.md @@ -44,7 +44,7 @@ See PR for examples and changed docs ### User Impact -A user will be able to call `authAccount.identity` and get something that can verify that account but cannot be obtained any other way +A user will be able to call `authAccount.identity` and get a token representing the ability to access to an account, without it being obtainable any other way, i.e. it cannot be forged, as there is no constructor function for the `AuthAccount.Identity` type. ## Related Issues