This repository has been archived by the owner on Aug 2, 2021. It is now read-only.

Feed API: Lack of information about wrong signature #983

Closed
xrn opened this issue Nov 7, 2018 · 5 comments

@xrn

xrn commented Nov 7, 2018

Here is my issue about the CLI - #979

This one is about the API interface.
When the signature is not correct, using the example from the Swarm documentation - https://swarm-guide.readthedocs.io/en/latest/usage.html#javascript-example - and a MetaMask signature

sign(keccak256("\x19Ethereum Signed Message:\n" + len(message) + message))

Where message = digest

I probably receive the wrong signature (please let me know in a comment whether I should use Ethereum Signed.... for it or not). When I send it I receive status 200 but the feed is not updated. Here is an issue with a missing signature, ethereum/go-ethereum#18008; it is fixed and returns 400 (could be 401 as well). In my opinion, the wrong signature case should return 403.

@jpeletier
Contributor

@xrn Signing with Metamask prepending the "Ethereum Signed Message" header is not supported yet. It would imply changing the signing scheme in Feeds.

This is an open debate: When signing a feed update, there is really no easy way the users know what they are signing when Metamask pops up. They would just see a blob of binary-encoded data.

Additionally, for most Feeds use cases (e.g., posting messages to a forum-like app or the like), you would actually be signing quite a number of times, so you'd have Metamask popping up for every action-- really annoying.

Also consider that the private key used to sign a Feed should not be the same private key you use for money. These keys should almost be throwaway or not important, so perhaps you could relax the security a bit for these keys.

In the meantime, check out this complete JS signature example:
https://github.com/epiclabs-io/swarm-samples/tree/master/feed/digest

I hope that helps

@xrn
Author

xrn commented Nov 8, 2018

Great, thanks for the example! But I still think the API should not return 200, and some additional message would be useful.

@jpeletier
Contributor

Does the 200 status code still happen after #18008 was merged? If so, can you share the steps to get a wrong 200? Thanks

@xrn
Author

xrn commented Nov 8, 2018

I will check when the code is released.

@zelig
Member

zelig commented Nov 26, 2018

closed by ethereum#18047

@zelig zelig closed this as completed Nov 26, 2018