Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use gists for github account connection #131

Open
ianconsolata opened this issue Sep 25, 2024 · 1 comment
Open

Use gists for github account connection #131

ianconsolata opened this issue Sep 25, 2024 · 1 comment
Assignees

Comments

@ianconsolata
Copy link
Collaborator

Keybase uses github gists for their verification process. Here is an example: https://gist.github.com/DonnchaC/9898347

And some documentation on how their system does it https://book.keybase.io/docs/server, as well as the library they use for proofs: https://github.com/keybase/proofs

That is a significant improvement over the current system, which requires folks to add a blob to a public repo : https://github.com/filecoin-project/on-chain-voting/tree/main/ucan-utils

@ianconsolata
Copy link
Collaborator Author

@hexianglinss @willpan1102 more context on this one, I do not think we need to use UCANs for this anymore -- keybase does it with simple message signing, and so as long as a similar blob of data is included in the gist and signed I think the UCAN bit is unnecessary.

The blob of data we can have folks post is probably pretty simple:

### Filecoin proof

I hereby claim:

  * I am <GITHUB_HANDLE> on Github.
  * I control <FILECOIN_WALLET_ADDRESS> (Filecoin wallet address).

To claim this, I am signing this object 

<OBJECT_TO_SIGN>

with my Filecoin wallet's private key, yielding the signature:

<INSERT_MESSAGE_SIGNATURE>

And finally, I am proving ownership of the github account by posting this as a gist.

The object they sign over should include the github id, filecoin wallet address, and a timestamp, and should use whatever interoperable message format feels most convenient for you (i.e. if MetaMask has a standard signing format where we can input this data, lets just do that.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants