Add and document cross-chain authorizers

docs/airnode/v0.10/concepts/authorizers.md

@@ -162,15 +162,6 @@ A protocol that does not have the `authorizers` scheme or equivalent
 functionality cannot be considered as permissionless, and will not be able to
 achieve wide-spread adoption.
 
-Currently there is only one `authorizers` scheme type, see
-[requesterEndpointAuthorizers](https://github.com/api3dao/airnode/blob/master/packages/airnode-validator/src/config/config.ts#L160-L163).
-The `authorizers` scheme type is set in
-`chains[n].authorizers.{<authorizerSchemeType>}` of `config.json`.
-
-```json
-chains[n].authorizers:{requesterEndpointAuthorizers:[]},
-```
-
 ### Are authorizers required?
 
 Authorizers are not required. An Airnode operator could use
@@ -199,16 +190,25 @@ making a static call to check if they are authorized. This scheme both allows
 the Airnode to set transparent and flexible policies, and this to be done with
 no gas overhead.
 
-### Access (allow, filter)
+Currently there are two `authorizers` scheme types,
+`requesterEndpointAuthorizers` and `crossChainRequesterAuthorizers`. These are
+set in `chains[n].authorizers` of `config.json` as described below.
 
-How authorizer contracts impact access is based on the `chains` field of
-`config.json` for a given Airnode.
+### Same-chain: requesterEndpointAuthorizers
+
+The `requesterEndpointAuthorizers` authorizer scheme type specifies an array of
+on-chain contract addresses to query when attempting to authorize a request. In
+contrast to the other authorizer scheme type, `crossChainRequesterAuthorizers`,
+the contract addresses are expected to reside on the chain specified by the `id`
+field of the parent `chains` object i.e. the authorizer contract addresses are
+on the same chain. There are two configurations possible for
+`requesterEndpointAuthorizers`: "allow all" and "filter all".
 
 #### Allow All
 
-When `chains[n].authorizers.{<authorizerSchemeType>}` (such as the
-`requesterEndpointAuthorizers` type) is an empty array, this means "let everyone
-through". In the example below, all chain _2_ requests are authorized.
+When `chains[n].authorizers.requesterEndpointAuthorizers` is an empty array, all
+requests are authorized. In the example below, all chain _2_ requests are
+authorized.
 
 ```json
 "chains": [
@@ -223,7 +223,7 @@ through". In the example below, all chain _2_ requests are authorized.
 
 #### Filter All
 
-If the Airnode wants to give access selectively, it should use one or more
+If the Airnode wants to authorize selectively, it should use one or more
 authorizer contracts that implement filtering logic. In the example below, a
 request would be authorized on chain _2_ if _either_ of the two
 `requesterEndpointAuthorizers` contracts authorize the request.
@@ -238,6 +238,54 @@ request would be authorized on chain _2_ if _either_ of the two
 ]
 ```
 
+### Cross-chain: crossChainRequesterAuthorizers
+
+The `crossChainRequesterAuthorizers` authorizer scheme type specifies an array
+of objects that allow for cross-chain request authorization. The key-value pairs
+of each object resemble other `config.json` objects:
+`requesterEndpointAuthorizers` specifies an array of contract address that
+authorize requests and both `chainType` and `contracts` are configured
+equivalently to their like named parent `chains[n]` objects described in the
+[config.json reference](../reference/deployment-files/config-json.md#chains).
+Lastly, `chainId` specifies the cross-chain (network) id and `chainProvider` is
+an object containing the chain provider url for the _chain specified by
+`chainId`_.
+
+Note that `crossChainRequesterAuthorizers` is an array that can contain multiple
+cross-chain authorizer objects, which allows for authorizers across multiple
+chains and/or redundancy in providers for each chain.
+
+The below example combines both `requesterEndpointAuthorizers` and
+`crossChainRequesterAuthorizers` authorizer scheme types. Requests will be
+authorized if the same-chain (`"id": "2"`) `requesterEndpointAuthorizers`
+contract `0xcd...cd8d` authorizes the request or if the cross-chain
+(`"chainId": "1"`) authorizer contract `0xCE5e...1abc` authorizes the request.
+
+```json
+"chains": [
+  {
+    "id": "2",
+    "authorizers": {
+      "requesterEndpointAuthorizers": ["0xcd...cd8d"],
+      "crossChainRequesterAuthorizers": [
+        {
+          "requesterEndpointAuthorizers": ["0xCE5e...1abc"],
+          "chainType": "evm",
+          "chainId": "1",
+          "contracts": {
+            "AirnodeRrp": "0xa0AD...a1Bd"
+          },
+          "chainProvider": {
+            "url": "https://mainnet.infura.io/..."
+          }
+        }
+      ]
+    }
+    ...
+  }
+]
+```
+
 ## Pre-built Authorizer Contracts
 
 Airnode provides two authorizer contracts, one of which

docs/airnode/v0.10/concepts/chain-providers.md

@@ -38,7 +38,8 @@ provider "infuraSepolia" in the `providers` array.
     "authorizers": {
       "requesterEndpointAuthorizers": [
         "0xf18c105D0375E80980e4EED829a4A68A539E6178"
-      ]
+      ],
+      "crossChainRequesterAuthorizers": []
     },
     "authorizations": {
         "requesterEndpointAuthorizations": {}
@@ -101,7 +102,8 @@ Multiple providers can be used per chain. Simply add another object to
     "authorizers": {
       "requesterEndpointAuthorizers": [
         "0xf18c105D0375E80980e4EED829a4A68A539E6178"
-      ]
+      ],
+      "crossChainRequesterAuthorizers": []
     },
     "authorizations": {
         "requesterEndpointAuthorizations": {}
@@ -166,7 +168,8 @@ each has a unique `id` and `type` and a list of `providers` for each.
     "authorizers": {
       "requesterEndpointAuthorizers": [
         "0xf18c105D0375E80980e4EED829a4A68A539E6178"
-      ]
+      ],
+      "crossChainRequesterAuthorizers": []
     },
     "authorizations": {
         "requesterEndpointAuthorizations": {}
@@ -221,7 +224,8 @@ each has a unique `id` and `type` and a list of `providers` for each.
     "authorizers": {
       "requesterEndpointAuthorizers": [
         "0xf18c105D0375E80980e4EED829a4A68A539E6178"
-      ]
+      ],
+      "crossChainRequesterAuthorizers": []
     },
     "authorizations": {
         "requesterEndpointAuthorizations": {}

docs/airnode/v0.10/grp-providers/guides/build-an-airnode/apply-auth.md

@@ -39,7 +39,7 @@ authorizations, and relayed meta data together.
 When you deploy your Airnode a receipt file is generated which contains the
 Airnode's `airnodeAddress`. Sponsors (via their sponsored requesters) use
 `airnodeAddress` and an `endpointId` to make requests to your Airnode's
-endpoints. However, you probably do not want to serve them publicly.
+endpoints. However, rather than serve them publicly, you may want to:
 
 - Only serve your own
   [requester contracts](../../../grp-developers/requesters-sponsors.md).
@@ -49,10 +49,11 @@ endpoints. However, you probably do not want to serve them publicly.
 You can use different authorizer contracts for your Airnode deployment per chain
 by declaring them in the `config.json` file under `chains[n].authorizers`. Add
 one or more authorizer contract addresses to the
-`chains[n].authorizers.{<authorizerSchemeType>}` array as shown below (e.g.
-`requesterEndpointAuthorizers`). If the array is left empty then all requests
-will be accepted by the Airnode but still could be filtered by the another
-method of authorization,
+`chains[n].authorizers.requesterEndpointAuthorizers` array or add one or more
+cross-chain authorizer objects to the
+`chains[n].authorizers.crossChainRequesterAuthorizers` array as shown below. If
+the `requesterEndpointAuthorizers` array is left empty then all requests will be
+accepted by the Airnode but still could be filtered by using
 [Relayed Meta Data Security Schemes](./api-security.md#relayed-meta-data-security-schemes).
 
 ```json
@@ -66,14 +67,16 @@ method of authorization,
         "requesterEndpointAuthorizers": [  // Requests must satisfy at least
           "0xeabb...C123",                 // one of the authorizer contracts
           "0xCE5e...1abc"
-        ]
+        ],
+        "crossChainRequesterAuthorizers": []
       }
     },
     {
       "id": "2",
       ...
       "authorizers": {
-        "requesterEndpointAuthorizers": [] // All requests will be processed
+        "requesterEndpointAuthorizers": [], // All requests will be processed
+        "crossChainRequesterAuthorizers": []
       },
     },
     {
@@ -82,6 +85,30 @@ method of authorization,
       "authorizers": {
         "requesterEndpointAuthorizers": [  // Requests must satisfy a
           "0xeabb...C123"                  // single authorizer contract
+        ],
+        "crossChainRequesterAuthorizers": []
+      }
+    },
+    {
+      "id": "4",
+      ...
+      "authorizers": {
+        "requesterEndpointAuthorizers": [  // Requests must satisfy a
+          "0xeabb...C123"                  // single authorizer contract
+        ],                                 // OR an authorizer contract deployed
+                                           // on a different chain (Ethereum mainnet)
+        "crossChainRequesterAuthorizers": [
+          {
+            "requesterEndpointAuthorizers": ["0xCE5e...1abc"],
+            "chainType": "evm",
+            "chainId": "1",
+            "contracts": {
+              "AirnodeRrp": "0xa0AD...a1Bd"
+            },
+            "chainProvider": {
+              "url": "https://mainnet.infura.io/..."
+            }
+          }
         ]
       }
     },

docs/airnode/v0.10/grp-providers/guides/build-an-airnode/configuring-airnode.md

@@ -79,7 +79,8 @@ Below is a simple chain array with a single chain provider.
     "authorizers": {
       "requesterEndpointAuthorizers": [
         "0xf18c105D0375E80980e4EED829a4A68A539E6178"
-      ]
+      ],
+      "crossChainRequesterAuthorizers": []
     },
     "authorizations": {
         "requesterEndpointAuthorizations": {}

docs/airnode/v0.10/grp-providers/guides/build-an-airnode/using-authorizations.md

@@ -58,7 +58,9 @@ requester addresses that can access them.
             "requesterEndpointAuthorizers": [
                 "0xeabb...C123",
                 "0xCE5e...1abc"
-            ]                The scheme type requesterEndpointAuthorizations
+            ],
+            "crossChainRequesterAuthorizers": []
+                             The scheme type requesterEndpointAuthorizations
         },                   grants access to endpointId/address pairs
         "authorizations": {  ⬇︎
             "requesterEndpointAuthorizations": {

docs/airnode/v0.10/grp-providers/tutorial/quick-deploy-aws/src/quick-deploy-aws/config.json

@@ -2,7 +2,8 @@
   "chains": [
     {
       "authorizers": {
-        "requesterEndpointAuthorizers": []
+        "requesterEndpointAuthorizers": [],
+        "crossChainRequesterAuthorizers": []
       },
       "authorizations": {
         "requesterEndpointAuthorizations": {}

docs/airnode/v0.10/grp-providers/tutorial/quick-deploy-container/src/quick-deploy-container/config.json

@@ -2,7 +2,8 @@
   "chains": [
     {
       "authorizers": {
-        "requesterEndpointAuthorizers": []
+        "requesterEndpointAuthorizers": [],
+        "crossChainRequesterAuthorizers": []
       },
       "authorizations": {
         "requesterEndpointAuthorizations": {}

docs/airnode/v0.10/grp-providers/tutorial/quick-deploy-gcp/src/quick-deploy-gcp/config.json

@@ -2,7 +2,8 @@
   "chains": [
     {
       "authorizers": {
-        "requesterEndpointAuthorizers": []
+        "requesterEndpointAuthorizers": [],
+        "crossChainRequesterAuthorizers": []
       },
       "authorizations": {
         "requesterEndpointAuthorizations": {}

docs/airnode/v0.10/reference/deployment-files/config-json.md

@@ -58,7 +58,8 @@ respective parameters.
       "requesterEndpointAuthorizers": [
         "0xf18c105D0375E80980e4EED829a4A68A539E6178",
         "0xCE5e...1abc"
-      ]
+      ],
+      "crossChainRequesterAuthorizers": []
     },
     "authorizations": {
       "requesterEndpointAuthorizations": {}
@@ -114,7 +115,8 @@ respective parameters.
   },
   {
     "authorizers": {
-      "requesterEndpointAuthorizers": []
+      "requesterEndpointAuthorizers": [],
+      "crossChainRequesterAuthorizers": []
     },
     "authorizations": {
       "requesterEndpointAuthorizations": {}

docs/airnode/v0.10/reference/examples/config-cloud.json

@@ -2,7 +2,8 @@
   "chains": [
     {
       "authorizers": {
-        "requesterEndpointAuthorizers": []
+        "requesterEndpointAuthorizers": [],
+        "crossChainRequesterAuthorizers": []
       },
       "authorizations": {
         "requesterEndpointAuthorizations": {}

docs/airnode/v0.10/reference/examples/config-local.json

@@ -2,7 +2,8 @@
   "chains": [
     {
       "authorizers": {
-        "requesterEndpointAuthorizers": []
+        "requesterEndpointAuthorizers": [],
+        "crossChainRequesterAuthorizers": []
       },
       "authorizations": {
         "requesterEndpointAuthorizations": {}

docs/airnode/v0.10/reference/templates/config-json.md

@@ -44,7 +44,8 @@ building a config.json file.
   "chains": [
     {
       "authorizers": {
-        "requesterEndpointAuthorizers": ["<FILL_*>"]
+        "requesterEndpointAuthorizers": ["<FILL_*>"],
+        "crossChainRequesterAuthorizers": ["<FILL_*>"]
       },
       "authorizations": {
         "requesterEndpointAuthorizations": {