Snaps: Dynamic Permissions

[Montoya]

Ideally, most or all of the Snap permissions can be requested dynamically. A snap should be able to request, say, "endowment:ethereum-provider" or "snap_notify" when it needs to enable a related feature for a user, rather than having to request it at installation. There will need to be:

• A permission request modal flow (needs design)
• A way to specify an optional permission in the manifest (via a caveat), so that the Snap has to state that it may request the permission dynamically (hopefully this does not require a manifest version change)
• A controller / API for snap_requestPermissions (rather than exposing wallet_requestPermissions)

Questions:

1. How to integrate with PermissionsController
2. How to handle requesting with wallet_requestPermissions
3. Do we allow fully dynamic caveats, partial caveats, or not at all?
4. Does this mean each permission can be revoked? Can the Snap distinguish between static and dynamic permissions when doing snap_getPermissions? Conclusion: static permissions should not be revokable. Thus, we have a concept of "deferred request for a static permission."

"We should build this such that we give the user more power but we don't lock ourselves into a pattern long term. It may be that the midterm solution is to disallow having a permission in both static and dynamic namespace, because that can get complicated really fast."

First output is a SIP

Milestones:

1. No duplicate permissions
2. Possible merging of caveats
3. Signer Snaps makes this less important

[ajeetd]

@FrederikBolding do you know what the status of this is?

[FrederikBolding]

@ajeetd David has started this, but we need this to be implemented before we can proceed on our end.

[ajeetd]

@FrederikBolding dateds for this are for 2023 and it's not on our current Q4 roadmap. Come back in brainstorm session in Q3 2024 so will move this to Q1 2025 tentatively for now.