
CAIP-282 - Browser Wallet Messaging Interface

Open pedrouid opened this issue 1 year ago • 5 comments

Standardized messaging for wallet interface in browser environments.

pedrouid avatar May 30 '24 17:05 pedrouid

Just sharing here some developments on this CAIP... after discussing it with several teams who gave very valuable feedback

  1. The interfaces have been changed to follow a JSON-RPC structure to make it more agnostic and easier to use with multiple transports
  2. Enforcing window.postMessage makes this CAIP not very future-proof as Chrome Extensions are slowly migrating to externally_connectable
  3. This CAIP is more useful if it does NOT describe the actual transport and instead focuses on the discovery interfaces
  4. The usage of window.postMessage without mentions of targetOrigin creates huge security concerns

What are the next steps?

  a. Separate window.postMessage from discovery interface into two CAIPs
  b. Create a new CAIP which uses the discovery interface with externally_connectable
  c. Create a new CAIP which uses the discovery interface with window.dispatchEvent

What is the end goal?

This CAIP intends to provide the most agnostic and interoperable interface for wallet discovery and consequently handshake and signing.

Since CAIP-25 and CAIP-27 already describe handshake and signing then CAIP-282 will focus purely on discovery

Why create separate CAIPs for each transport?

These additional CAIPs are important for Apps and Libraries to support multiple wallet transports... most importantly the following:

  • window.postMessage for embedded wallets with iframes
  • window.dispatchEvent for legacy browser extension support
  • externally_connectable for newer browser extension support

The combination of all JSON-RPC interfaces and different transport specs will allow any wallet to be discoverable, connect and sign with a decentralized application for all CAIP compatible chains

pedrouid avatar Jun 24 '24 22:06 pedrouid
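
Point 4 of the comment above names the missing targetOrigin as the security concern with window.postMessage. The sketch below is an added example, not part of the thread or of any CAIP text: it pins targetOrigin on send and checks event.origin and event.source on receive. The wallet origin, the function names and the `example_discover` method are assumptions made for illustration.

```javascript
// Added example: origin, function names and the method string are constructed.
const TRUSTED_WALLET_ORIGIN = "https://wallet.example"; // assumed wallet iframe origin

// Dapp side: post a JSON-RPC request to the wallet iframe, pinned to its origin.
// With targetOrigin "*" the browser delivers the message to whatever document
// occupies the frame at that moment, so "*" and non-origin values are refused.
function sendToWallet(walletWindow, request, targetOrigin = TRUSTED_WALLET_ORIGIN) {
  if (targetOrigin === "*" || new URL(targetOrigin).origin !== targetOrigin) {
    throw new Error("targetOrigin must be one explicit origin");
  }
  walletWindow.postMessage({ ...request, jsonrpc: "2.0" }, targetOrigin);
}

// Receiving side: accept a message only if it came from the expected origin and
// window and is a well-formed JSON-RPC 2.0 object. Returns the message or null.
function acceptMessage(event, expectedSource, expectedOrigin = TRUSTED_WALLET_ORIGIN) {
  if (event.origin !== expectedOrigin) return null; // wrong sender origin
  if (event.source !== expectedSource) return null; // not the frame we talk to
  const msg = event.data;
  if (msg === null || typeof msg !== "object" || msg.jsonrpc !== "2.0") return null;
  const isRequest = typeof msg.method === "string";
  // A response carries an id and exactly one of result / error.
  const isResponse = "id" in msg && (("result" in msg) !== ("error" in msg));
  return isRequest || isResponse ? msg : null;
}

// Constructed demo with a stub window object so the checks run outside a browser.
function demo() {
  const sent = [];
  const walletFrame = { postMessage: (data, origin) => sent.push({ data, origin }) };
  sendToWallet(walletFrame, { id: 1, method: "example_discover", params: {} });
  const good = {
    origin: TRUSTED_WALLET_ORIGIN,
    source: walletFrame,
    data: { jsonrpc: "2.0", id: 1, result: { name: "Example Wallet" } },
  };
  const spoofed = { ...good, origin: "https://attacker.example" };
  return {
    sent,
    good: acceptMessage(good, walletFrame),
    spoofed: acceptMessage(spoofed, walletFrame),
  };
}
```

In a page, `acceptMessage` would be called from a `window.addEventListener("message", ...)` handler with the event and `iframe.contentWindow`.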

This PR now includes 3 proposals:

  • CAIP-282 -> Browser Wallet Discovery Interface
  • CAIP-294 -> Browser Wallet Messaging for Extensions (window.dispatchEvent)
  • CAIP-295 -> Browser Wallet Messaging for Iframes (window.postMessage)

Still missing another standard to be included in this PR:

  • CAIP-296 -> Browser Wallet Messaging for Extensions (externally_connectable)

pedrouid avatar Jun 26 '24 22:06 pedrouid

apologies, pedro, my june comments were sitting in github UI limbo waiting to be batched to a complete review 🙄

bumblefudge avatar Aug 15 '24 09:08 bumblefudge

are we discussing this in person in Bangkok, btw, @adonesky1 @pedrouid ?

bumblefudge avatar Oct 28 '24 16:10 bumblefudge

LGTM 👌

I assume you meant this for the upstream PR onto this branch?

bumblefudge avatar May 19 '25 10:05 bumblefudge

Mostly Approved but there are still a few nits I couldn't fix myself and a few threads that it felt wrong to "resolve"... @pedrouid another 10min should get this over the line for me and on to ligi or al or obstropolous for final approval

@pedrouid bump

obstropolos avatar Aug 01 '25 15:08 obstropolos