TokenScript icon indicating copy to clipboard operation
TokenScript copied to clipboard

Published 20 hours ago verified publisher icon SmartTokenLabs

Design TokenScript for attestation tokens

Open AW-STJ opened this issue 4 years ago • 8 comments
trafficstars

@oleggrib - can you share your requirement for TokenScript

AW-STJ avatar Nov 09 '21 10:11 AW-STJ

List of the properties to describe in TokenScript:

  • TokenName
  • TokenDescription
  • TokenWebsiteURL
  • Token schema (property->type)
  • attestationOrigin
  • AttestorPublicKey
  • tokenOrigin
  • magicLinkParamsSchema (token, secret, pok ,id, type)
  • localStorageDBName
  • localStorageTokenItemName
  • localStorageEthKeyItemName
  • tokenUniqueIdParam
  • IssuerPublicKey
  • WhiteListDomainNames
  • CryptoVerifyServerAPIEndpopint
  • DomainsWhiteList
  • DomainsBlackList

@nicktaras , do you need some additional properties in the TokenScript to describe specific token?

oleggrib avatar Nov 10 '21 08:11 oleggrib

I can see config data in the Readme.md in the https://github.com/TokenScript/token-negotiator

those data must be syncronized with backend validator, other services who use this token etc.

Also webster have to know some tech info about this Token and can make mistake somewhere.

In case if we finish this task then we can pass just tokenName to the Negotiator, other data can be fetched from remote XML file.

Lets do next:

  • define fields list
  • create XML file with embedded token data
  • copy XML parser code from https://testshop.antopolbus.rv.ua/ts3/passive-negotiation.html, its vanilla JS, I have improved version in TS as angular service

@nicktaras @micwallace @foxgem @AW-STJ

oleggrib avatar Apr 14 '22 00:04 oleggrib

Yep 100% agree Oleh. As soon as we get this into TokenScript we can take advantage of the TokenScript signing security.

micwallace avatar Apr 14 '22 11:04 micwallace

@micwallace , @nicktaras do you work on this issue? if no then lets make simple JSON file (as forst draft) in specific location and read it from there. ok? I can do the PR.

oleggrib avatar May 24 '22 09:05 oleggrib

@micwallace , @nicktaras will we still duplicate config? out backend should validate it too, so we need aligned config. With more duplication more chanses make mistake.

oleggrib avatar Jun 28 '22 02:06 oleggrib

I will escalate this with @weiwu-zhang. We had discussed this recently as well.

If we are hitting this issue again, and is related to attestation.id as well, then its high time to decide on the config before moving forward

AW-STJ avatar Jun 28 '22 07:06 AW-STJ

If we are hitting this issue again, and is related to attestation.id as well, then its high time to decide on the config before moving forward

@AW-STJ , This questions is not related to attestation.id (we use OTP email verification, so attestation.id completely separated from token), but related to tokenNegotiator.Client, tokenNegotiator.Client, crypto-verify and hotelBogota_backend(in case if third party website validate data without API)

oleggrib avatar Jun 28 '22 12:06 oleggrib

Some redundant field have been removed from the negotiator interfaces. Defaults are still set in Outlet but can be overridden. Currently, here is what is required in both client and outlet:

export interface OffChainTokenConfig {
    title: string;
    image: string;
    tokenOrigin: string;
    unEndPoint: string;
    attestationOrigin: string;
    tokenParser?: any; // Note: This will be changed to tokenSchema, which will be embedded in the XML
    base64senderPublicKeys: {[devconId: string]: string};
    base64attestorPubKey: string;
}

I have created a dynamic schema parser that works with asn1-schema library to parse & serialize asn1 based on a JSON schema definition. This can be used to parse an arbitrary token schema defined within XML.

micwallace avatar Jul 26 '22 07:07 micwallace