deso-protocol / identity
License: MIT License
Sign in with DeSo
SubmitTransaction: Problem processing transaction: VerifyAndBroadcastTransaction: Problem validating txn: ValidateTransaction: Problem validating transaction: : ConnectTransaction: : _connectBasicTransfer: Problem verifying txn signature: : RuleErrorInvalidTransactionSignature
I am doing it by access level 4 identity login approach:
This is what I am attempting to do: https://www.github.com/whoisanku/CHROME_EXT/blob/service/src/background/background.jsx
Hey all,
Can we reopen issue #114 please. The suggested fix does not work
Running into an issue with member.cash identity login - all requests are returning {approvalRequired: true}
The issue seems to be -
In the login window, a value, 'seed-hex-key-member.cash' is set in localStorage.
The iframe expects to be able to retrieve this value but finds that localStorage is empty so creates a new value.
localStorage is both get and set in the identity 'seedHexEncryptionKey' method.
Not sure why this issue is present on member.cash but not on bitclout.com - maybe to do with third party domain restrictions.
Issue can be seen and tested on current member.cash site.
Issue is consistent across Windows 10 Brave, Windows 10 Edge, Android Brave.
Hi :), I would like to confirm a couple of questions about the Google Login:
Deso identity works when I use ng serve command.
But when I use ng build --configuration production and copy the dist folder to my server and then use Deso identity from there, I get the below error:
https://myDesoIdentity.com/embed?v=2 not found.
I'm trying to add a BitClout login functionality to our web application.
So far I'm able to use the window.open context and send messages to "https://identity.bitclout.com/".
I'm getting the JWT and the public key of the user, but I need at least a username and profile picture.
Is there a way to get them? I saw that you have an endpoint in the backend-api.service, that returns the username and the profilePic (GetUsersStateless) - is there a way to consume this from our webapp?
I've seen this a few times after login, not sure why:
ERROR Error: uint64 overflow
kd https://identity.bitclout.com/main-es2015.ef005e59100a802a3388.js:1
read https://identity.bitclout.com/main-es2015.ef005e59100a802a3388.js:1
fromBytes https://identity.bitclout.com/main-es2015.ef005e59100a802a3388.js:1
fromBytes https://identity.bitclout.com/main-es2015.ef005e59100a802a3388.js:1
getRequiredAccessLevel https://identity.bitclout.com/main-es2015.ef005e59100a802a3388.js:1
handleSign https://identity.bitclout.com/main-es2015.ef005e59100a802a3388.js:1
handleRequest https://identity.bitclout.com/main-es2015.ef005e59100a802a3388.js:1
handleMessage https://identity.bitclout.com/main-es2015.ef005e59100a802a3388.js:1
e https://identity.bitclout.com/main-es2015.ef005e59100a802a3388.js:1
invokeTask https://identity.bitclout.com/polyfills-es2015.f888aaa0bd730994945c.js:1
onInvokeTask https://identity.bitclout.com/main-es2015.ef005e59100a802a3388.js:1
invokeTask https://identity.bitclout.com/polyfills-es2015.f888aaa0bd730994945c.js:1
runTask https://identity.bitclout.com/polyfills-es2015.f888aaa0bd730994945c.js:1
invokeTask https://identity.bitclout.com/polyfills-es2015.f888aaa0bd730994945c.js:1
f https://identity.bitclout.com/polyfills-es2015.f888aaa0bd730994945c.js:1
h https://identity.bitclout.com/polyfills-es2015.f888aaa0bd730994945c.js:1
main-es2015.ef005e59100a802a3388.js:1:746903
Sometimes I get it over and over again. Sometimes it goes away and I can login fine!
As I understand it, this method was added to verify from the server side that the token is signed by an authorized user.
But this method requires passing 'encryptedSeedHex' in the payload. And 'encryptedSeedHex' is not available with read-only access (empty string).
I suggest to make this method without the requirement to pass 'encryptedSeedHex'.
As the Derived Key implementation is not clearly documented, I thought derivedSeedHex would be interchangeable with seedHex; thus, I copied the implementation provided in this repository (including src/lib/ecies/index.js) and configured it on a React Native project running on top of Expo.
After fiddling around to make the crypto, buffer, and stream implementation load correctly, I tried it with my own seedHex (directly out of my browser's localStorage).
Everything seemed to be working; however, as soon as I replaced the seedHex with the derivedSeedHex (given by doing the derived authorization flow on the identity), the implementation started to throw the following error:
[Unhandled promise rejection: Error: Incorrect MAC]
at src/lib/ecies/index.js:26:1 in kdf
at src/lib/ecies/index.js:170:2 in decrypt
at http://127.0.0.1:19000/node_modules/expo/AppEntry.bundle?platform=ios&dev=true&hot=false&minify=false:192892:18 in decryptShared
at src/pages/Inbox/index.tsx:41:20 in useCallback$argument_0
at [native code]:null in flushedQueue
at [native code]:null in invokeCallbackAndReturnFlushedQueue
The error comes from the following section, and removing it will cause invalid encryption.
assert(hmacGood.equals(msgMac), "Incorrect MAC");
With that said:
Issue: Approve message for window.open("https://identity.bitclout.com/approve?tx=abc123....") is all wrong for basic transactions of sending bitclout.
At the file identity/src/app/approve/approve.component.ts in generateTransactionDescription(), when the case is a TransactionMetadataBasicTransfer, the display message is all wrong.
When I use the /v0/send-bitclout api route to send 0.1 bitclout worth in nanos from BC1YLiXsLZvrySthVJPJozLr3rMSo2BARZ4VG525bhbsAJCTvwJQJCe to BC1YLh4R1ewSLphyWncnUsRmJ5okAn4xjRMUHD5Q6vVd5ZAYgf8zWZo, I get the following message:
localhost wants to send 0.203897603 bitclout to BC1YLiXsLZvrySthVJPJozLr3rMSo2BARZ4VG525bhbsAJCTvwJQJCe
When calling .jwt method of the identity service, it only returns {approvalRequired: true} and not the actual JWT.
Any ideas why this is happening? I am obviously developing on localhost. Does that have something to do with it?
I have tried numerous times but it never returns the JWT token, just the {approvalRequired: true} response.
Any help would be appreciated!
When using Mint Machine by nathanwells, I noticed that I can authorize a derived key once with global deso limit set to 1 DeSo (or something like 1.0001 to be exact - probably to account for gas fees), but then I can get several 1 DeSo bids accepted (by cloutpunk in this case) on that derived key.
So it seems like global deso limit for nft bid transactions - applies to the "act" of placing the bid, so just the gas fees associated, and not to the amount of bids placed.
This does not seem to be the correct behaviour - I would expect that when authorizing a derived key to use NFT bid transactions, with a global deso limit of 1 DeSo, it's one of the 2 options:
I'm using identity in a WKWebView on a native iOS app running on iOS 14.5.
When using login with google, the behaviour seems a little strange. I've been able to sign in ok, but when trying to use the Login with google button again to log in to a separate google account, it just hits an infinite spinner and never progresses. The only way to resolve the issue is to uninstall and reinstall the app (which clears any storage associated with the browser inside the sandbox, so it's a clean slate). I've attached a screen recording to demonstrate the issue.
The recording was taken using a simulator, but things get even worse on a real device. On device, I just get the following error message from Google:
Additionally, the App Store review guidelines state:
4.8 Sign in with Apple
Apps that use a third-party or social login service (such as Facebook Login, Google Sign-In, Sign in with Twitter, Sign In with LinkedIn, Login with Amazon, or WeChat Login) to set up or authenticate the user’s primary account with the app must also offer Sign in with Apple as an equivalent option. A user’s primary account is the account they establish with your app for the purposes of identifying themselves, signing in, and accessing your features and associated services.
Sign in with Apple is not required if:
Your app exclusively uses your company’s own account setup and sign-in systems.
Your app is an education, enterprise, or business app that requires the user to sign in with an existing education or enterprise account.
Your app uses a government or industry-backed citizen identification system or electronic ID to authenticate users.
Your app is a client for a specific third-party service and users are required to sign in to their mail, social media, or other third-party account directly to access their content.
It's possible that it might be ok on the basis that bitclout is a 3rd party service, but it will probably at least be a debate. I could see Apple digging their heels in and saying that since the google sign in is optional, and not required, that sign in with apple must also be presented as an option. I understand why it's not, but I'd rather not have to fight that battle in order to push a bug fix out.
A potential solution to all of the above might be to allow apps to specify a query parameter to the identity URL, e.g. allowGoogle=false, to simply hide the log in with google button, which would let us opt out of that functionality until such a time as we can fully get it working. Currently we're not going to be able to update our app without adopting this.
Hi, I have some questions:
When an application uses Bitclout Identity to get user access, it receives some kinds of tokens that can be used to access user info or depending on the access level, makes transactions for the user with/without his permission.
The current icons and descriptions cause confusion for users.
cc @lobovkin
I have a couple of alt accounts and anonymous accounts in my DeSo identity on my mobile phone. 2 days ago I noticed that one of my anonymous accounts became active 43 days ago as the account @mayadoesart (the daughter of @VindictiveTJ according to the profile info).
It looks like she generated the same private seed phrase as my anonymous account. I'm so lucky I didn't ever use this account to hold my DeSo or NFTs in it, and no one was harmed by this event.
I am facing a weird issue! Somehow identity fails to show the window and the only console log I have is this
DevTools failed to load source map: Could not parse content for https://identity.deso.org/vendor/bootstrap.min.css.map: Unexpected token < in JSON at position 0
It would on occasion show the window content but usually the window is blank. I do get port messages and I see them in the console window but can't interact with identity at all. Any ideas?!
const transactionSpendingLimit =
{
    "GlobalDESOLimit": 1000000000,
    "TransactionCountLimitMap":
    {
        "SUBMIT_POST": 1000000,
        "AUTHORIZE_DERIVED_KEY": 2
    }
};
identityWindow = window.open('https://identity.deso.org/derive?transactionSpendingLimitResponse=' + encodeURIComponent(JSON.stringify(transactionSpendingLimit)));
function handleDerive(payload)
{
    if (identityWindow)
    {
        identityWindow.close();
        identityWindow = null;
        var publicKey = payload.publicKeyBase58Check;
        var derivedPublicKey = payload.derivedPublicKeyBase58Check;
        var derivedSeedHex = payload.derivedSeedHex;
        var expirationBlock = payload.expirationBlock;
        var accessSignature = payload.accessSignature;
        var transactionSpendingLimitHex = payload.transactionSpendingLimitHex;
        // remainder of the handler is not shown in the post
    }
}
If on step 2 you click on an already logged user, the payload contains the correct "transactionSpendingLimitHex" data
Get Shared Secrets show blank window
window.open('https://identity.deso.org/get-shared-secrets?callback='+callback+'&ownerPublicKey='+ownerPublicKey+'&derivedPublicKey='+derivedPublicKey+'&JWT='+jwt+'&messagePublicKeys='+messagePublicKeys, null, `toolbar=no, width=${w}, height=${h}, top=${y}, left=${x}`);
When sending the below postMessage an error is returned. Probably hit this snap on the JWT request as I was building the internal service...
TypeError: Cannot destructure property 'service' of 't' as it is undefined.
Request
let jwtReq = {
    id: 'XXXX',
    service: 'identity',
    method: 'jwt',
    payload: {
        accessLevel: user.accessLevel,
        accessLevelHmac: user.accessLevelHmac,
        encryptedSeedHex: user.encryptedSeedHex
    }
};
vLog('JWT request', jwtReq);
let iFrame = document.getElementById('SOMEID').firstChild.contentWindow;
iFrame.postMessage(jwtReq, '*');
Returned Error
main-es2015.7fd4f7fb2e638fd391c6.js:1 ERROR TypeError: Cannot destructure property 'service' of 't' as it is undefined.
at e.handleMessage (main-es2015.7fd4f7fb2e638fd391c6.js:1:1661185)
at main-es2015.7fd4f7fb2e638fd391c6.js:1:1657249
at u.invokeTask (polyfills-es2015.f888aaa0bd730994945c.js:1:20709)
at Object.onInvokeTask (main-es2015.7fd4f7fb2e638fd391c6.js:1:1417062)
at u.invokeTask (polyfills-es2015.f888aaa0bd730994945c.js:1:20630)
at a.runTask (polyfills-es2015.f888aaa0bd730994945c.js:1:16118)
at l.invokeTask [as invoke] (polyfills-es2015.f888aaa0bd730994945c.js:1:21759)
at f (polyfills-es2015.f888aaa0bd730994945c.js:1:33720)
at h (polyfills-es2015.f888aaa0bd730994945c.js:1:33965)
Traces back to this
handleMessage(e) {
    const {data: t} = e
      , {service: r, method: n} = t;
    "identity" === r && (n ? this.handleRequest(e) : this.handleResponse(e))
}
Steps to reproduce:
Use a Windows PC
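For the jwt postMessage request and the handleMessage handler quoted above, a sketch of an envelope check that rejects messages with missing data or an unexpected origin before destructuring, and of a sender that pins the target origin instead of '*' so a payload carrying encryptedSeedHex is only delivered to the identity origin. This is an added example, not code from the identity repository; the function names and the sample messages are hypothetical.

```javascript
// Added example: names below are hypothetical, not part of the identity code base.

// Validate a MessageEvent-like object before reading any field from it.
// Returns a normalized envelope, or null when the message must be ignored.
function parseIdentityMessage(event, expectedOrigin) {
  if (!event || event.origin !== expectedOrigin) return null;
  const data = event.data;
  // event.data can be undefined, a string, or anything else a frame posts.
  if (data === null || typeof data !== 'object' || Array.isArray(data)) return null;
  if (data.service !== 'identity' || typeof data.id !== 'string') return null;
  const isRequest = typeof data.method === 'string' && data.method.length > 0;
  const hasPayload = data.payload !== null && typeof data.payload === 'object';
  return {
    id: data.id,
    kind: isRequest ? 'request' : 'response',
    method: isRequest ? data.method : null,
    payload: hasPayload ? data.payload : {},
  };
}

// Send a request to the identity frame with an explicit targetOrigin.
// A wildcard or malformed origin is rejected instead of silently used.
function sendIdentityRequest(targetWindow, identityOrigin, id, method, payload) {
  let parsed;
  try {
    parsed = new URL(identityOrigin);
  } catch (err) {
    throw new TypeError('identityOrigin must be an absolute origin');
  }
  if (parsed.origin !== identityOrigin) {
    throw new TypeError('identityOrigin must be an origin without path or query');
  }
  const message = { id, service: 'identity', method, payload };
  targetWindow.postMessage(message, identityOrigin);
  return message;
}
```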
I'm using bitclout/transaction.ts to parse raw transaction data into metadata using Transaction.fromBytes(txBytes)[0];
I'm converting transaction.ts into .js using command:
tsc bitclout/transaction.ts
It is mostly going very well. However, when parsing CREATOR_COIN transactions, I'm sometimes getting negative numbers.
For example for this transaction
https://explorer.cloutangel.com/tx/3JuEUYJmCwdXq9XtqAUZ9YLaEdz4HVbCmZEUKeMtJvN9jUd1tjz5Bg
The following values are produced -
bitcloutToAddNanos:0
bitcloutToSellNanos:-359050958
operationType:0
minCreatorCoinExpectedNanos:11479892781
minBitcloutExpectedNanos:0
creatorCoinToSellNanos:0
I'm guessing it's some problem with large numbers wrapping around -
Maybe related to this - https://github.com/bitclout/identity/pull/6/files ?
Any thoughts?
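One way unsigned 64-bit amounts turn negative in JavaScript, and a BigInt decoder with an explicit 64-bit bound that avoids it; this relates to the negative CREATOR_COIN values above and to the "uint64 overflow" report earlier on the page. This is an added example, not code from transaction.ts or the identity repository; the unsigned LEB128 (Go-style uvarint) encoding, the function names and the sample value are assumptions.

```javascript
// Added example: assumes amounts are encoded as Go-style unsigned varints
// (7 data bits per byte, high bit set on every byte except the last).

// Constructed helper: encode a non-negative BigInt as a uvarint.
function encodeUvarint(value) {
  let v = BigInt(value);
  const out = [];
  while (v >= 0x80n) {
    out.push(Number(v & 0x7fn) | 0x80);
    v >>= 7n;
  }
  out.push(Number(v));
  return Uint8Array.from(out);
}

// Fragile decoder: `<<` and `|` operate on signed 32-bit integers, so a value
// with bit 31 set comes back negative and wider values are truncated.
function readUvarintInt32(bytes) {
  let result = 0;
  let shift = 0;
  for (const b of bytes) {
    result |= (b & 0x7f) << shift;
    if ((b & 0x80) === 0) return result;
    shift += 7;
  }
  throw new RangeError('truncated uvarint');
}

// Robust decoder: BigInt accumulator, at most 10 bytes, bounded to 64 bits.
function readUvarint(bytes, offset = 0) {
  let result = 0n;
  for (let i = 0; i < 10; i++) {
    const pos = offset + i;
    if (pos >= bytes.length) throw new RangeError('truncated uvarint');
    const b = bytes[pos];
    // The 10th byte may only contribute bit 63 and must terminate the value.
    if (i === 9 && b > 1) throw new RangeError('uint64 overflow');
    result |= BigInt(b & 0x7f) << BigInt(7 * i);
    if ((b & 0x80) === 0) return { value: result, next: pos + 1 };
  }
  throw new RangeError('uint64 overflow');
}

// Convert to Number only when no precision is lost; otherwise keep the BigInt.
function toSafeNumber(value) {
  if (value > BigInt(Number.MAX_SAFE_INTEGER)) {
    throw new RangeError('value exceeds Number.MAX_SAFE_INTEGER');
  }
  return Number(value);
}
```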
Hi :),
I'm trying to use Bitclout Identity on my application and I'm having some problems/concerns about security:
1 - When I try to send accessLevelRequest I don't notice any change in the interface or the final access level authorization. I'm opening the following URL: https://identity.bitclout.com/log-in?accessLevelRequest=2. accessLevelRequest=AprovaAll. Am I using the wrong URL or this feature isn't complete yet?
2 - When I'm logged on many user accounts at the same time and use the identity window, it returns me access level 4 for all the logged accounts. Even when I'm selecting just one account. Shouldn't return only the requested level access for the only selected account?
Trying to make the free Deso link work with a public key on https://nftz.me/signup but getting some errors.
What is the idea here? To make the button get free Deso work as a window.open()
Used some variants of:
https://identity.deso.org/get-deso?derive=false&derivedPublicKey=BC1YLiqkZMS9jA1k9PtGgaKG3fra84cegjEGg5XY2fiYo1tCupy9rwK
How should we format that link?
Hey,
I'm checking the feasibility of signing transactions but only submitting them conditionally. For this use case I have two questions:
TransactionHex that can be submitted to confirm the transaction on chain. Does this TransactionHex have any kind of expiration or can be used forever and still work as long as the user has the necessary clout to perform the operation?
TransactionHex from the user, is there a way to check if the code is valid without confirming the transaction?
Not sure if this is a bug, a limitation, or a design decision. When using identity to decrypt DMs, it only seems to decrypt the received DMs, and not the ones that the user has sent to the conversation.
bitclout.com seems to be storing the sent messages in local storage before they get encrypted, and that's how they're able to be rendered in the conversation.
My gut is telling me this is probably because they get encrypted using the receiving user's public key, and therefore require that user's private key to decrypt, and because the sender doesn't have that private key, they can't be decrypted?
Just wondering if there's anything that can be done about that, or is the only option to cache the unencrypted messages client side before they get sent? This would mean that if the browser storage (or app storage if using a native app) was cleared, those messages would be lost forever to the person who sent them.
As far as I can see, the only way to interact with the identity service such as receiving data after a successful login or to request the signing of a transaction is to post/receive a message on the window event listener. Presumably the intent is for web apps to run Identity in an iframe and communicate through that event listener.
In a native mobile app, if we navigate the user to identity.bitclout.com in an iOS WKWebview or Android CustomTab so that they have a secure environment to login then there is no way to interact with the window event listener.
Similarly when we want to sign a transaction there is no mechanism to post an event to have identity sign the transaction hex.
Am I missing a mechanism that exists for native mobile apps to interact with Identity?
Thanks
Getting this error 414 Request-URI Too Large when changing profile picture and signing the transaction.
Error occurs when image is more than 150 kb.
Issue similar to #85
Not sure under what circumstances this happens, but it seems to be related to how long it's been since access was originally granted. But sometimes when sending a decrypt message to identity, it's returning approvalRequired: true, even though AccessLevel: Full was requested and granted. This shouldn't be happening, full access should mean full access, and approval should not be required for anything.
I'm using this in a native mobile app with URL: "https://identity.bitclout.com/embed?accessLevelRequest=4&webview=true" and the decrypt message being sent is:
{
    id: <some uuid>,
    service: 'identity',
    method: 'decrypt',
    payload: {
        accessLevel: 4,
        accessLevelHmac: <stored hmac from login>,
        encryptedSeedHex: <stored encrypted hex from login>,
        encryptedHexes: [<array of encrypted hexes>],
    },
}
I've been running into this lately when trying to buy creator coins.
Had it a week or so ago when trying to buy HighKey.
And now it showed up when trying to buy another coin.
Looks like the tx-hex appended to URL is just too long and nginx throws a 414
Increasing Nginx setting large_client_header_buffers can resolve this
https://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers
default is 4KB
I switched from localhost to my private IP address to get the issue resolved where access levels were not showing properly. In localhost, all access levels are set to 4 by default.
Even when testing from an IP address with permission level set to 3, Identity is prompting for approval for everything, even non-monetary transactions (e.g. posts).
In addition, Identity is prompting for approval when requesting a jwt token for the user. The jwt token is necessary for any type of image upload. However, Identity will not return a jwt, it only returns {approvalRequired: true}.
Has anyone else experienced this??
@maebeam noticed identity.deso.org still making requests to https://bitclout.com/api/v0/get-app-state
These requests fail when identity iframe loads on my new test node with the latest DESO changes/builds.
Looks like it may be due to the environment files:
As it's identity I won't PR this as I'm not sure how you use env files on your servers.
I originally posted this in /frontend, but it was the wrong place. We're having an issue on Safari desktop with approvalRequired on the React web app we're building. I understand that Identity needs to request access again 1 week after login, but we are finding that even after approval is given, and the cookie is updated, Identity continues to request access for every transaction thereafter. i.e.:
Given that I'm using Safari
And I logged in 1 week ago with access level 4
When I attempt to buy a coin
Identity requires me to Approve transaction
And when I Approve transaction, then it is successful
But when I attempt another transaction
Then Identity asks for approval again
Despite the fact that the seed-hex-key in Cookies was correctly updated to last another week (i.e. now to expire 2 weeks from when I originally logged in)
We'd appreciate if you could look into this or provide some insight.