Feature request: expose the user (EOA) wallet provider #474

Closed
ubinatus opened this issue Apr 5, 2023 · 11 comments

@ubinatus

ubinatus commented Apr 5, 2023

Hello team. Was wondering if there is any intention on exposing the connected user EOA wallet on the @safe-global/safe-apps-sdk dependency so that we could interact with the EOA wallet (User, i.e. one of the owners of the multisig) and not the smart contract wallet (multisig).

I believe the use case for this would be for those Safe Apps that have an internal authentication method (e.g. SIWE) for users through message signatures (personal_sign) but don't want to force the user to use the sdk.txs.signMessage(message) for obvious reasons: i) don't care if EOA is actually a valid owner and ii) takes time to wait for all owners to approve the message and execute the Gnosis Safe: Sign Message Library and you won't like to wait for that whole process just for interacting with the DApp.

-> The way it can be currently handled (just for injected EOA)
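    import { Web3Provider } from "@ethersproject/providers"; // ethers v5 provider wrapper

    const w = window as any;
    const provider = new Web3Provider(w.ethereum); // `w.ethereum` is the injected provider from SafeApp
    const signer = provider.getSigner(); // signer for the connected EOA, not the Safe
    const signature = await signer.signMessage(custom_siwe_message); // personal_sign over the SIWE text
    // -> custom authentication logic using `signature` and the `signer` address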

Tentative feature

    const provider = await appsSdk.eth.getUserProvider();
    const signer = provider.getSigner(); // or any provider-dependent method to retrieve the signer
    const signature = await signer.signMessage(custom_siwe_message); // or any provider-dependent method to sign the message
    // -> custom authentication logic using `signature` and the `signer` address

In other words:
"As SafeApp developer, I would like to also interact directly with the wallet provider of the connected user."

Would love your feedback on this 🥰. In case this is doable, I would be happy to create a PR for it.

@ghost

ghost commented Oct 10, 2023

I agree this would be a huge UI/UX improvement for our use case.
Looking at the code they interact with the safe account using https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage

Maybe it wouldn't be too much of a hassle to use that feature to request the safe web app to interact with the EOA wallet on behalf of the Iframe.

@mmv08
Member

mmv08 commented Oct 10, 2023

> don't care if EOA is actually a valid owner and

Why bother with the feature then? You can generate a random private key and sign the message

@ghost

ghost commented Oct 10, 2023

> > don't care if EOA is actually a valid owner and
>
> Why bother with the feature then? You can generate a random private key and sign the message

The author doesn't care but in my use case this is essential and a huge UX improvement.
I do need a signature from ALL safe account signees

@ubinatus
Author

> > don't care if EOA is actually a valid owner and
>
> Why bother with the feature then? You can generate a random private key and sign the message

Hi @mmv08. The purpose of the feature (back then) was to allow the Safe App to consume the wallet client (the connected wallet on the app.safe.global website). As mentioned in the description, one of the intended use cases was to be able to use the wallet client to sign a message mainly for authentication purposes within the developer's DApp.

I take back this part: i) don't care if EOA is actually a valid owner (just updated the description). Just wanted to be able to let the connected user sign a message without the need to interact with SignMessageLib (no need for all multisig owners to approve it).

@mmv08
Member

mmv08 commented Oct 11, 2023

> ii) takes time to wait for all owners to approve the message and execute the Gnosis Safe: Sign Message Library and you won't like to wait that whole process just for interacting with the DApp.

Just FYI you can use offchain signatures which should be faster: https://docs.safe.global/safe-smart-account/signatures/eip-1271

@eliezerbasubi

Hi @mmv08,
Do you have any ETA or workaround for this issue? The provided link doesn’t clearly explain the problem being addressed.

We’re looking to implement a similar feature in our Safe-based DApp and are currently blocked by this.

@eliezerbasubi

@ubinatus Did you find a workaround for this?

@ubinatus
Author

ubinatus commented Jul 3, 2024

@eliezerbasubi I opened this issue because I wanted to use the EOA provider to request eip712 signing. Back then I found no workaround and ended up just requiring users to on-chain sign messages.

However, the Safe team later introduced the off-chain signing (with the SDK) so at Unvest we ended up using both methods for authenticating the user. Take into account that the off-chain signing method won't work for the SafeApp mobile app, just website (afaik).

Will close this issue. Feel free to ask anything else.

@ubinatus ubinatus closed this as completed Jul 3, 2024
@eliezerbasubi

@ubinatus how did you authenticate users without involving other owners to approve the transaction?
This is the part that’s still unclear to me.

@mmv08
Member

mmv08 commented Jul 4, 2024

> @ubinatus how did you authenticate users without involving other owners to approve the transaction? This is the part that’s still unclear to me.

Could you please elaborate a little bit on your use case? I'm not entirely sure how it's possible to authenticate a multi-signature account without involving all the owners.

@eliezerbasubi

> > @ubinatus how did you authenticate users without involving other owners to approve the transaction? This is the part that’s still unclear to me.
>
> Could you please elaborate a little bit on your use case? I'm not entirely sure how it's possible to authenticate a multi-signature account without involving all the owners.

Our use case involves authenticating an EOA within the Safe Browser by requesting a signature as soon as the user connects their wallet through the connect button of the Safe App. This will help us determine if the EOA is one of the owners of the multisig and redirect them to a specific page.

We aim to implement this in a way that doesn't require approval from other owners, as it's merely for authentication entry into our dApp.

While I understand that this can be achieved by the EOA provider, the Safe App does not currently expose this functionality.
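
The owner check described in the comment above, together with the "random private key" objection raised earlier in the thread, as an added server-side example (not code from the Safe SDK or from any participant). It assumes the DApp issues an EIP-4361 (SIWE) message with a server-held nonce and reads the owner list from the Safe's `getOwners()`; `recoverSigner`, the `dapp.example` domain and all sample values are hypothetical, with recovery stubbed so the block runs offline. A pass proves control of one owner EOA only, not approval by the Safe.

```javascript
// Added example. `recoverSigner` is injected (assumption): in production pass a
// real personal_sign recovery such as ethers' verifyMessage.
function parseSiwe(message) {
  const lines = message.split("\n");
  const head = /^(\S+) wants you to sign in with your Ethereum account:$/.exec(lines[0] || "");
  if (!head || !/^0x[0-9a-fA-F]{40}$/.test(lines[1] || "")) return null;
  const field = (name) => {
    const hit = lines.find((l) => l.startsWith(name + ": "));
    return hit ? hit.slice(name.length + 2) : undefined;
  };
  return { domain: head[1], address: lines[1], nonce: field("Nonce"), expires: field("Expiration Time") };
}

// `owners` is the Safe's owner list as read from chain (getOwners() on the Safe
// contract); `expected` holds the domain and the nonce the server issued.
function authenticateOwner({ message, signature, owners, expected, recoverSigner, now }) {
  const fail = (reason) => ({ ok: false, reason });
  const siwe = parseSiwe(message);
  if (!siwe) return fail("malformed message");
  if (siwe.domain !== expected.domain) return fail("wrong domain");
  if (!siwe.nonce || siwe.nonce !== expected.nonce) return fail("bad nonce");
  if (siwe.expires && !(Date.parse(siwe.expires) > now)) return fail("expired");
  const signer = recoverSigner(message, signature).toLowerCase();
  if (signer !== siwe.address.toLowerCase()) return fail("signer mismatch");
  // A valid signature from a freshly generated key passes every check above;
  // only membership in the owner list ties the login to this Safe.
  if (!owners.some((o) => o.toLowerCase() === signer)) return fail("not an owner");
  return { ok: true, reason: "owner", signer };
}

// Constructed sample data (not real addresses or signatures).
const OWNER = "0x" + "a1".repeat(20);
const STRANGER = "0x" + "b2".repeat(20);
const sampleMessage = (address, nonce) => [
  "dapp.example wants you to sign in with your Ethereum account:", address, "",
  "Sign in to the Safe App.", "", "URI: https://dapp.example", "Version: 1",
  "Chain ID: 1", `Nonce: ${nonce}`, "Issued At: 2024-07-04T00:00:00Z",
  "Expiration Time: 2024-07-04T00:10:00Z",
].join("\n");
// Offline stand-in for signature recovery: the fake signature names its signer.
const stubRecover = (_message, signature) => signature.slice("sig:".length);

function demo(claimed, signedBy, nonce = "n0nce123") {
  return authenticateOwner({
    message: sampleMessage(claimed, nonce), signature: "sig:" + signedBy,
    owners: [OWNER], expected: { domain: "dapp.example", nonce: "n0nce123" },
    recoverSigner: stubRecover, now: Date.parse("2024-07-04T00:05:00Z"),
  });
}
```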
