Authorise another wallet to undertake a certain action without knowing their wallet address
- Say Alice wants to invite Bob to her team on a dApp.
- She cannot invite Bob via an email invite since the dApp cannot verify that on chain
- She's also not familiar with Bob's primary wallet address, and asking another person for their address on a specific chain is cumbersome
anon-authoriser
comes in to solve this specific problem.- The SC allows Alice to simply generate an invite link and share this with Bob off-chain. Can be done via any instant messaging platform or an email.
- Bob can then use this invite link to verify his identity on chain and join Alice's team
The same principle can be extended to allow a user access to certain features or authorise them to take certain actions.
- Let's assume Alice wants to authorise Bob to take a certain action. In this case, Alice is the authoriser.
- Alice Creates a public-private key pair
(Pu, Pr)
& compute addressA = Address(Pu)
.- Note: your ETH address is a function of your public key -- which is
A
in this case
- Note: your ETH address is a function of your public key -- which is
- She denotes the purpose of the authorisation with a flag F. This flag prevents Bob from using Alice's authorisation to undertake another action that she hasn't authorised
- She then asks the SC to store this as a pending authorisation with the call:
generateAnonAuthorisation(A, F)
- SC stores Alices wallet Wa and flag F against the address A
- SC ensures this address hasn't been used already & returns successfully
- Alice sends Bob her wallet address, the private key and authorisation flag (Wa, Pr, F)
- Bob signs his wallet address (
Wb
) usingPr
S = Sign(Wb, Pr)
- Bob requests the SC to verify authorisation using
anonAuthorise(Wa, F, S)
- Solidity signature check returns the address that signed the message. The SC uses this to verify the signature sent by Bob, the message being Bob's wallet address
A' = Verify(Wb, S)
- SC checks if there is a record stored against
A'
- Finally, SC checks that the authoriser specified (
Wa
in this case) and the flag of purpose F specified match the existing record. - If everything matches, SC returns successfully and deletes the record so it cannot be used again
- Bob is now considered authorised.
Pr
can even be published online as it cannot be used now
- Clone the repository, and
cd
into the repository - Run
yarn
to install all deps - To run tests:
yarn test
- If you make changes to the contract:
- be sure to generate the latest types using
yarn build:sol
- lint the typescript using
yarn lint:ts
- be sure to generate the latest types using
You can include this in your smart contract project and/or your JS project to invoke the contract.
Install using yarn:
yarn add git+https://github.com/questbook/anon-authoriser
We're live on the following chains:
celo-alfajores-testnet: 0x2215f272cE9a8d7800DcfC23eC3d5d284912E197
rinkeby: 0xDf6643bef01F1627aC050149DAEde8Be3Eff29D2
celo-mainnet: 0x2d2F79aF6e50490b7C25EB93B7C8c060F4e56A2d
findora-testnet: 0x376cD6a04835Da22F99eeb9f89440697b0caDd84
harmony-mainnet: 0xF39E0AA8cA215D41dF7c9AeB3aBa76FfdAd0951F
polygon-mainnet: 0x0E50F1dbCF5274a43Fa7ddcBB564bEE9FaF745d0
polygon-mumbai: 0xA23FAe98239E5a8d5F1D2944725d06F2E79226EB
optimism-kovan: 0xfEc77DcD17d4b4F435893e8da0A7FC5d77DD4A1C
optimism-mainnet: 0x2215f272cE9a8d7800DcfC23eC3d5d284912E197
aurora-testnet: 0xF39E0AA8cA215D41dF7c9AeB3aBa76FfdAd0951F
evmos-testnet: 0xeDb10f503E128e9167a31c612aDeF4E098Da717e
moonbase-alpha: 0xeDb10f503E128e9167a31c612aDeF4E098Da717e
telos-mainnet: 0xff8051d32d7e82A933910AB216ccCf20e720bb03
telos-testnet: 0xe7Ac12DE956A977EE5a60F60291a80be972A805D
gnosis-mainnet: 0x0b30fbF81BC8fBf4a2B0c2AC758752CC0A735D2F
goerli-testnet: 0xeDb10f503E128e9167a31c612aDeF4E098Da717e
metis-testnet: 0x2b68c598310b035f3943a8eDaEb323683D1d8C8d
You can call the contract from your smart contracts or can call them directly from your dApp.
A good example of the former is our grants contract -- where we use this contract to enable invite links on our app.
TODO
- Create a
.env
file in./contract
folder - Supply your private key to the
.env
file:PRIVATE_KEY=0x12345
- Run
NETWORK={network} yarn deploy
to deploy the contract to the specific network.{network}
can be any of the networks specified in./chains.json
file. - To add another chain, submit a PR to our central chains repository -- which will auto-commit the new network to this repository, allowing you to run step 3 with the newly added network