10
45
Fork
You've already forked doipjs
28

Add support for polkadot address claim #33

Open
sorpaas wants to merge 2 commits from sorpaas/doipjs:sp-polkadot into main
pull from: sorpaas/doipjs:sp-polkadot
merge into: keyoxide:main
keyoxide:main
keyoxide:dev
keyoxide:fix-irc-fetcher
keyoxide:new-claim-eveonline-143
keyoxide:prepare-new-release
keyoxide:fix-jsdoc-types
keyoxide:yarn-to-npm
keyoxide:support-openpgp-aspe-claims
keyoxide:support-html-alias
keyoxide:improve-activitypub-support
keyoxide:v1-restructure
keyoxide:into-es-module
keyoxide:support-aspe
keyoxide:fix-js-lsp-issues
keyoxide:improve-linting
keyoxide:add-markers
keyoxide:support-opencollective-claim
keyoxide:support-entity-decoding
keyoxide:use-rome-tools
keyoxide:support-cloudflare-buster
keyoxide:support-fediverse-posts
keyoxide:matrix-room-verification
First-time contributor
Copy link

This PR adds support to allow verifying ownership of Polkadot addresses. The claim is written as text, and the address owner is expected to put it as a system.remark on-chain message (called "extrinsic" in Polkadot). We can then use any blockchain explorer to retrieve that and verify ownership.

Some extensions to the claim definitions have to be written. Support for POST HTTP method was added, as well as a new claim relation EXACTEQUAL. The latter is needed to verify that the sender of the on-chain message is the same as the address to be verified. I think this is actually needed by Github claims as well -- the API currently only checks for https://api.github.com/gists/<id> but not the actual profile name.

In principle, the same method can work for Ethereum as it's similar. For Bitcoin, due to UTXO and the strong focus to never reuse addresses, it's probably not really useful to verify address ownership.

This PR adds support to allow verifying ownership of Polkadot addresses. The claim is written as text, and the address owner is expected to put it as a `system.remark` on-chain message (called "extrinsic" in Polkadot). We can then use any blockchain explorer to retrieve that and verify ownership. Some extensions to the claim definitions have to be written. Support for POST HTTP method was added, as well as a new claim relation `EXACTEQUAL`. The latter is needed to verify that the sender of the on-chain message is the same as the address to be verified. I think this is actually needed by Github claims as well -- the API currently only checks for `https://api.github.com/gists/<id>` but not the actual profile name. In principle, the same method can work for Ethereum as it's similar. For Bitcoin, due to UTXO and the strong focus to never reuse addresses, it's probably not really useful to verify address ownership.
Add support for polkadot address claim
All checks were successful
continuous-integration/drone/pr Build is passing
89fa0ee017
Should use claim.relation
All checks were successful
continuous-integration/drone/pr Build is passing
aa049770c3
Owner
Copy link

Thanks for the PR, and sorry for my late response.

Some interesting changes in this PR, I like the GET/POST support. It is also thanks to your EXACTEQUALS that I noticed how far I strayed with the EQUALS method. But even if that behavior is changed in the future, an EXACTEQUALS will be handy to have, so thanks.

Now, I am not overly familiar with polkadot. Would it be possible for you to give me an example of a proof?

Thanks for the PR, and sorry for my late response. Some interesting changes in this PR, I like the GET/POST support. It is also thanks to your `EXACTEQUALS` that I noticed how far I strayed with the `EQUALS` method. But even if that behavior is changed in the future, an `EXACTEQUALS` will be handy to have, so thanks. Now, I am not overly familiar with polkadot. Would it be possible for you to give me an example of a proof?
All checks were successful
continuous-integration/drone/pr Build is passing
This pull request has changes conflicting with the target branch.
  • src/claimDefinitions/index.js
  • src/fetcher/http.js
  • src/verifications.js
View command line instructions

Manual merge helper

Use this merge commit message when completing the merge manually.

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u sp-polkadot:sorpaas-sp-polkadot
git switch sorpaas-sp-polkadot
Sign in to join this conversation.
No reviewers
Labels
Clear labels
bug
Something is not working

Archived

enhancement
New feature

Archived

Contribution welcome
Get started contributing here
Good first issue
Good if you are new to the project or to open source contributions
Impact
External
Affects the people using the project
Impact
Internal
Affects on the people working on the project
Priority
Critical
Work on right now
Priority
High
Work on at earliest convenience
Priority
Low
Work on in spare time
Priority
Medium
Work on regularly
Review
Duplicate
Already exists
Review
Off Topic
Does not fall within the scope of the repo/project
Status
Backlog
Is not being worked on yet
Status
Blocked
Is waiting on something or someone
Status
Completed
Is done
Status
In Progress
Is being worked on
Status
Investigating
Is waiting on research or questions
Status
Needs Decision
Is waiting on a decision by the devs/contributors
Status
Needs Info
Is waiting on additional information before it can be solved
Status
Needs Triage
Is new issue that needs reviewing
Status
Testing
Is being checked and verified
Status
Waiting For Review
Is waiting on reviewers to approve
Status
Won't Fix
Won't be fixed
Type
Bug
Related to something not working as intended
Type
CI
Related to continuous integration
Type
Documentation
Related to documentation
Type
Enhancement
Related to a new feature or an improved one
Type
New Claim
Related to a new identity claim/proof
Type
Security
Related to security
Type
Tests
Related to code tests
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
keyoxide/doipjs!33
Reference in a new issue
keyoxide/doipjs
No description provided.
Delete branch "sorpaas/doipjs:sp-polkadot"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?