Allow sites to specify account properties when requesting an account.

[danfinlay]

Some sites, like some exchanges that rely on offchain messages in the EIP 712 format, are not compatible with some hardware wallets who have not adopted those signature schemes.

This can result in dangerous situations where users deposit funds but cannot withdraw them.

The exchanges' first instinct is to request a method to detect the type of account a user has, but this has privacy issues.

Instead, this could also be solved by allowing the site to specify features the requested account is required to have at sign-in time.

For example, if we presume a requestPermissions method to log in:

provider.send({
  method: 'wallet_requestPermissions',
  params: [
    {
      'eth_accounts': { mustSupportMethods: ['signTypedData_v4'] },
    }
  ]
})

This could be achieved using a special caveat for rpc-cap. @rekmarks

Depends on https://ethereum-magicians.org/t/web3-login-permissions/3583

[serapath]

This is a wonderful proposal and something that we would love to see standardized too :-)
I have some problems wrapping my head around the proposed approach though.

We were thinking about "the" main feature to be a requestFeature(s) standard, where each feature, such as eth_accounts would be versioned and there would be a schema file or some other kind of public definition file (on chain or on ipfs, etc...) that exactly describe what each version supports, so the specific requested version of the feature eth_accounts would include signTypedData_v4, or alternatively: requestFeature would be more fine grained and request [eth_accounts/signTypedData_v4, ....]

Also - we were thinking that this kind of negotiation process fore features/permissions might not be a simple request/response, but maybe an ongoing discussion, so there would be an arbitrary (usually of course only a few) amount of messages going back and forth until the negotiation is done.

here are our thoughts playproject-io/wallet#1