feat: app usable without local secure environment support #209
Conversation
Signed-off-by: Berend Sliedrecht <sliedrecht@berend.io>
Signed-off-by: Berend Sliedrecht <sliedrecht@berend.io>
Signed-off-by: Berend Sliedrecht <sliedrecht@berend.io>
Signed-off-by: Berend Sliedrecht <sliedrecht@berend.io>
| @@ -0,0 +1,2 @@ | |||
| EXPO_PUBLIC_WALLET_SERVICE_PROVIDER_AUTH_TOKEN=0dd5e0ac-f6a5-42ce-b945-09735c3a8f17 | |||
There was a problem hiding this comment.
Auth token doesn't really work for mobile apps as you can extract it from the build.
Or is this temporary until we can do app integrity?
| @@ -0,0 +1,52 @@ | |||
| import type { SecureEnvironment } from '@animo-id/expo-secure-environment' | |||
|
|
|||
| export class WalletServiceProviderClient implements SecureEnvironment { | |||
There was a problem hiding this comment.
Can we move this to a separate package?
| await response.text() | ||
| } | ||
|
|
||
| public async getPublicBytesForKeyId(keyId: string): Promise<Uint8Array> { |
There was a problem hiding this comment.
We will probably have to sign each request with a key or something for auth?
There was a problem hiding this comment.
Probably we should do: app integrity, issue access token bound to app integrity.
Also c' flow has some guidance on how to interact with hsm i think, did you look into that already?
| @@ -0,0 +1,52 @@ | |||
| import type { SecureEnvironment } from '@animo-id/expo-secure-environment' | |||
|
|
|||
| export class WalletServiceProviderClient implements SecureEnvironment { | |||
There was a problem hiding this comment.
Also, i'm not really sure why this implements secure env? We're going yo have to interact a lot more with the wallet provider backend (for attestations etc). I think it makes more sense to create a separate service.
Also my understanding was we'd also create other keys in the HSM, but it now looks we only do the PID key?
draft as we need a hosted version of the wallet service provider to make sure we can use it easier.