box.verified.email() returns null

Question

box.verified.email() returns null

balasan opened this issue 5 years ago · 9 comments

Describe the bug
box.verified.email() returns null when using identity-wallet

To Reproduce
Steps to reproduce the behavior:

        const idWallet = new IdentityWallet(async () => true, { seed });
        await idWallet.authenticate(['relevant', '3Box']);
        await idWallet.linkAddress(address, metamask);
        const provider = idWallet.get3idProvider();
        const box = await Box.openBox(address, provider);
        const emailObj = await box.verified.email(); // <-- return null with idProvider

Expected behavior
When using metamask ethereum provider the method returns the verified email object

Desktop (please complete the following information):

OS: macOS
Browser Chrome
Version 80

Additional context
3box-js version: 1.17.0
identity-wallet version: 1.1.1

Answer 1 · 2020-02-20T12:06:55.000Z

@balasan This function will only return a verified email object if you actually verified your email in the 3box.io hub app. Is your question how you can verify emails outside of the hub app?

Answer 2 · 2020-02-20T16:55:41.000Z

No, this is when I do have a verified email. I’m able to Retrieve it when I use the Metamask provider, but not when using the idWallet provider.

Answer 3 · 2020-02-20T17:03:16.000Z

I'm not sure I completely follow. If you are using the IdWallet you would have a different identity than if you where using the Metamask provider. The keys are derived differently if you use the IDW directly.

Answer 4 · 2020-02-20T19:35:05.000Z

The keys are derived differently if you use the IDW directly.

I guess that maybe the source of my general confusion.

My intuition was that once I call idWallet.linkAddress(myEthAddress, metamaskProvider); My idWallet would have all the access rights associated with myEthAddress and its 3box profile. Its confusing because profiles seem to be linked to an ethereum address.

I imagine this is also how my original 3box profile associated with myEthAddress got bricked. Seems like linkAddress created a brand new identity for myEthAddress overwriting the original profile data and making the account inaccessible via Metamask login.

Questions:

Is my intuition correct? I still don't know enough about the inner workings to tell exactly whats going on. If so, that's a really easy way to trick someone into bricking their 3box profile...
Is there a way to connect/authenticate an existing 3box profile via a new IdWallet? Seems like this should be possible and is the sort of problem DIDs are supposed to be able to solve. If so, how would one go about doing this?
I was also looking for away to get a list of linked ETH address in the IdWallet instance after linkAddress and didn't seem to find it...

Answer 5 · 2020-02-21T09:54:16.000Z

linkAddress is more like a symlink from your ethereum address to a 3ID identity (3box profile)
It's not easily possible right now, but it's something we are working on over the next month or so. Accounts in IDWallet work a little different from the ethereum accounts with signatures (one seed for all data vs one seed per space)
Yeah, IDW doesn't keep much state, it has to be used together with 3box-js: box.listAddressLinks

Would maybe be helpful if you described what goal you're trying to achieve and I should be able to give you a more nuanced answer!

Answer 6 · 2020-02-21T18:41:36.000Z

Would linkAddress create a brand new 3ID identity overwriting the existing one? I'm still trying to understand how my 3box profile got wiped out... (this is it btw: https://3box.io/0x6DdF9DA4C37DF97CB2458F85050E09994Cbb9C2A)

I'm working on web3 login for Relevant atm, so I guess the general goal is to have flexible ways to authenticate and verify 3box profiles. I want to be able to create some new keys, pass them to the mobile app and use them for all my authentication needs without exposing any of my existing Metamask keys. For verification I can always store some public keys & signatures in a 3box space (or even in a db), but is there a canonical 3box way of doing this? Finally I'd like to be able to not just verify but authenticate using those keys which I understand is still in development.

Answer 7 · 2020-02-24T10:36:34.000Z

Ok, let me try to walk you though what happened here:

Created 3box account with Metamask

3box account created with seed S_a -> gets DID did_a
Link MM address addr -> did_a

Used IdentityWallet to link account

A new 3box account was created with seed S_b -> gets DID did_b
Link MM address addr -> did_b

As you can see from the description above your account wasn't wiped. Rather a new one was created and you pointed your ethereum address from account a to account b. The reason for this is that the IdentityWallet creates accounts differently from 3box-js. IDW is in general more flexible but they are not compatible (yet, we are working on migrating all 3box accounts to use IDW).

In the case you are describing for Relevant, do you need to associate that account to a MM account? If no, then just using IDW without linking it to your MM address should work fine. If yes, then we are working on making that possible, hope to have something released in a bit over a month 👍

Answer 8 · 2020-02-24T17:54:19.000Z

Thanks @oed its all starting to make sense :)
The interaction / differences between IDW and 3box-js was definitely a big point of confusion as I was working on the this stuff, would have been great to see some docs address this.

Re Relevant, I think having MM (at least as an option) is important for us so we can query on-chain data and not force users that have MM store another mnemonic. I like the idea of using IDW almost like a burner key that you don't have to worry about keeping around. For now we are using straight metamask for auth but will keep an eye on the progress!

Answer 9 · 2020-12-20T09:43:22.000Z

Closing as this package no longer is designed to be used with 3box-js