From the New Auth Flow RFC (46):
The authorisation flow contains a specific scope field, allowing an app to let the authenticator know that a certain sub-part (a specific website, specific device or instance) is trying to access. App keys and containers are scoped using this field and any request without said field will be granted access to all under that scope.
And from the appendix Containers and their basic conventions:
If the app further requested to have its own container, the authenticator must create a new random app-container, grant full access to the container to the app, generate a new random symmetric-key-pair and store all this access information in the app’s AccessContainer. The authenticator must then add link that address to the root container under _apps/${appId}/@{scope}. We call this the AppContainer.
I’ve made the following snippet idiom using the scope field in the app info (from the docs). I attempt to access the scoped app container:
const safeApp = require('@maidsafe/safe-node-app');

setTimeout(() => null, 20000); // Prevent Node.js from exiting

(async () => {
  const info = {
    id: 'com.example',
    name: 'Example',
    vendor: 'example.com',
    scope: 'sub', // The scope
  };
  const app = await safeApp.initializeApp(info);
  await app.auth.loginForTest({}, { own_container: true }); // With app container
  console.log(await app.getOwnContainerName());
  console.log(await app.auth.canAccessContainer('apps/com.example/sub'));
})();
Output:
$ NODE_ENV=dev node index.js
apps/com.example
(node:15884) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'Read' of undefined
at perms.every (C:\test\node_modules\@maidsafe\safe-node-app\src\api\auth.js:327:55)
at Array.every (<anonymous>)
at getContainersPermissions.then (C:\test\node_modules\@maidsafe\safe-node-app\src\api\auth.js:327:30)
at <anonymous>
(node:15884) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
getOwnContainerName gives the name of the app container but without the scope. Still, I would expect the apps/com.example/sub container to exist, if I’m reading the RFC correctly.
Anyone from @maidsafe_team that can shed light on this?
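Added example, not part of the original post and not safe-node-app code: a fail-closed permission check that returns false for a container missing from the permissions map instead of throwing as in the trace above. The map shape (container name to `{ Permission: boolean }`), the sample data, and the helper names `containerName`, `canAccess` and `report` are assumptions made for illustration.

```javascript
// Hypothetical helpers; the permissions-map shape is an assumption inferred
// from the stack trace in the post (a 'Read' property looked up per container).

// Build the name the post tried: 'apps/<appId>' or 'apps/<appId>/<scope>'.
function containerName(appId, scope) {
  return scope ? `apps/${appId}/${scope}` : `apps/${appId}`;
}

// Own-property lookup, so names such as 'constructor' or '__proto__'
// never resolve to something inherited from Object.prototype.
function hasContainer(containers, name) {
  return Object.prototype.hasOwnProperty.call(containers, name);
}

// Fail closed: an unknown container, a malformed entry, or a permission
// that is not exactly `true` all count as "no access".
function canAccess(containers, name, required = ['Read']) {
  if (!hasContainer(containers, name)) return false;
  const granted = containers[name];
  if (granted === null || typeof granted !== 'object') return false;
  return required.every(
    (perm) => Object.prototype.hasOwnProperty.call(granted, perm) && granted[perm] === true
  );
}

// Constructed sample: only the unscoped app container is present, matching
// the 'apps/com.example' line printed in the post's output.
const samplePermissions = {
  'apps/com.example': { Read: true, Insert: true },
  _public: { Read: true, Insert: false },
};

// Compare the unscoped and scoped names side by side.
function report(containers, appId, scope) {
  return [containerName(appId), containerName(appId, scope)].map((name) => ({
    name,
    present: hasContainer(containers, name),
    read: canAccess(containers, name, ['Read']),
  }));
}

console.log(report(samplePermissions, 'com.example', 'sub'));
```

Reporting `present` separately from `read` distinguishes "container not in the map" from "container listed but permission not granted", which is the distinction the TypeError hides.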