Access app container using scope


#1

From the New Auth Flow RFC (46):

The authorisation flow contains a specific scope field, allowing an app to let the authenticator know that this is certain sub-part (a specific website, specific device or instance) is trying to access. App keys and containers are scoped using this field and any request without said field will be granted access to all under that scope.

And from the appendix Containers and their basic conventions:

If the app further requested to have its own container, the authenticator must create new an random app-container, grant full access to the container to the app, generate a new random symmetric-key-pair and store all this access information in the app’s AccessContainer. The authenticator must then add link that address to the root container under _apps/${appId}/@{scope}. We call this the AppContainer.

I’ve made the following snippet idiom using the scope field in the app info (from the docs). I attempt to access the scoped app container:

const safeApp = require('@maidsafe/safe-node-app');

setTimeout(() => null, 20000); // Prevent Node.js from exiting

(async () => {
    const info = {
        id: 'com.example',
        name: 'Example',
        vendor: 'example.com',
        scope: 'sub',          // The scope
    };

    const app = await safeApp.initializeApp(info);
    await app.auth.loginForTest({}, { own_container: true }); // With app container

    console.log(await app.getOwnContainerName());
    console.log(await app.auth.canAccessContainer('apps/com.example/sub'));
})();

Output:

$ NODE_ENV=dev node index.js
apps/com.example
(node:15884) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'Read' of undefined
    at perms.every (C:\test\node_modules\@maidsafe\safe-node-app\src\api\auth.js:327:55)
    at Array.every (<anonymous>)
    at getContainersPermissions.then (C:\test\node_modules\@maidsafe\safe-node-app\src\api\auth.js:327:30)
    at <anonymous>
(node:15884) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)

getOwnContainerName gives the name of the app container but without the scope. Still, I would expect the apps/com.example/sub container to exist, if I’m reading the RFC correctly.

Anyone from @maidsafe_team that can shed light on this?


#2

Anyone else has experience with scopes? Perhaps it does work through the Rust interface.