Support creation of custom macaroons #3516

Closed
dannypaz opened this issue Sep 17, 2019 · 5 comments
Labels: authentication; brainstorming (Long term ideas/discussion/requests for feedback); macaroons; P3 (might get fixed, nice to have); rpc (Related to the RPC interface)

Comments

@dannypaz
Contributor

Background

connectPeer requires access to the admin macaroon; however, if a user needs to make payments and is using neutrino, the best way to establish connections through peers is to use connectPeer and then they can open a channel to your node.

I want to be able to use the connectPeer API without requiring the admin macaroon, and the invoice macaroon seems like a good interim place to put this before custom macaroons are released.

@wpaulino
Contributor

> connectPeer requires access to the admin macaroon; however, if a user needs to make payments and is using neutrino, the best way to establish connections through peers is to use connectPeer and then they can open a channel to your node.

I'd say that establishing a direct connection to your payment destination is not ideal and doesn't scale. Why does this only apply to Neutrino?

> I want to be able to use the connectPeer API without requiring the admin macaroon, and the invoice macaroon seems like a good interim place to put this before custom macaroons are released.

Mixing peer permissions with invoices for an invoice macaroon doesn't seem like a nice separation of concerns to me, which is what the macaroons attempt to achieve at the moment. Either a peer macaroon should exist, or you can create your own custom macaroon once that's supported.

@dannypaz
Contributor Author

> I'd say that establishing a direct connection to your payment destination is not ideal and doesn't scale. Why does this only apply to Neutrino?

Doesn't only apply to neutrino (we can think of corporate firewall issues as an example), but neutrino is a good example. ConnectPeer is a way to guarantee that Node A is connected to Node B.

Peer macaroon would be perfect. Saying that connectPeer should be in an invoice macaroon would be a stretch.

Is there any timeline for support for custom macaroons? Would LL be up for reviewing a PR for a peer macaroon?

@Roasbeef
Member

I think we'd rather opt for a more generalized bakery vs adding new macaroons for specific use cases.

@dannypaz
Contributor Author

#1147

@wpaulino changed the title from "Adding connectPeer permissions to invoice macaroon" to "Support creation of custom macaroons" on Sep 23, 2019

@wpaulino added the authentication, brainstorming, macaroons, P3 and rpc labels on Sep 23, 2019

@Roasbeef
Member

Fixed by #1160
