feat: read-only mode via delegations with queries-only permissions#4016
Draft
aterga wants to merge 1 commit into
Draft
feat: read-only mode via delegations with queries-only permissions#4016aterga wants to merge 1 commit into
aterga wants to merge 1 commit into
Conversation
Adds a "Read-only mode" checkbox to the authorize continue screen. When enabled, account delegations prepared for the session carry the new permissions field set to "queries" (covered by the delegation signature), which makes the IC reject update calls authenticated through them (see dfinity/ic#10449) while query calls remain permitted. - BE: trailing read_only opt arg on prepare_account_delegation and get_account_delegation; local delegation_signature_msg helper supporting the permissions field; Delegation candid record gains permissions : opt text. - FE: checkbox wired through authorizationStore into the ICRC-34 delegation channel handler and passed to both endpoints. - Tests: integration test asserting the permissions field, signature validity, and that the signature binds to the permissions (lookup without read_only yields NoSuchDelegation). Note: returning restricted delegations to relying parties requires @icp-sdk/core to round-trip the permissions field; until then, restricted delegations fail closed on the dapp side.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a "Read-only mode" checkbox to the authorize continue screen. When enabled, account delegations prepared for the session carry the new
permissionsfield set to"queries"(covered by the delegation signature), which makes the IC reject update calls authenticated through them (see dfinity/ic#10449) while query calls remain permitted.read_only : opt boolarg onprepare_account_delegationandget_account_delegation; localdelegation_signature_msg_with_permissionshelper supporting thepermissionsfield; theDelegationcandid record gainspermissions : opt text.authorizationStoreinto the ICRC-34 delegation channel handler and passed to both endpoints.permissionsfield, signature validity, and that the signature binds to the permissions (lookup withoutread_onlyyieldsNoSuchDelegation).Note: returning restricted delegations to relying parties requires
@icp-sdk/coreto round-trip thepermissionsfield; until then, restricted delegations fail closed on the dapp side.Notes on applying
main(originally cut against794b7d2); merged cleanly.*.po) were intentionally left untouched:main's committed catalogs are already behind its sources, and catalog updates land via the separate translation job.Verification
cargo check/cargo clippy --all-targetsclean forinternet_identity,internet_identity_interface,canister_teststsc --noEmit,svelte-check(0 errors),eslintpassscripts/build; integration tests against the built wasm:accounts::should_get_read_only_account_delegation_with_queries_permissionspassesaccounts::module: 22 passed, 0 failedhttps://claude.ai/code/session_018gHRjyFYqumMxAMwbPRLuN
Generated by Claude Code