ts-ucan icon indicating copy to clipboard operation
ts-ucan copied to clipboard

Published 20 hours ago verified publisher icon ucan-wg

Builder.delegateCapability fails for tokens originating from delegation

Open dholms opened this issue 2 years ago • 1 comments

delegateCapability on the Builder API passes the issuer as both audience and requiredIssuer to Store.findWithCapability.

This works if the UCAN you are looking for has the capability by parenthood but not if the capability came from delegation

https://github.com/ucan-wg/ts-ucan/blob/main/packages/core/src/builder.ts#L224

dholms avatar Aug 15 '22 23:08 dholms

Yeah, right.

It seems like we'd need to actually provide the expected rootIssuer to delegateCapability, in case a Store was passed to it.

Maybe delegateCapability should just be two functions with two different signatures.

  • delegateCapability(requiredCapability: Capability, proof: DelegationChain, semantics: DelegationSemantics) and
  • delegateCapabilityFromStore(requiredCapability: Capability, rootIssuer: string, store: Store)

Possibly with better names :sweat_smile:

Maybe we can drop the Capability, so it's just delegate and delegateFromStore. And simplify the param name from requiredCapability to capability.

matheus23 avatar Aug 17 '22 13:08 matheus23