feat([sc-15759]): target canister docs page (#231)

Author: olekid

docs/pages/getting-started/installation.mdx

@@ -67,8 +67,8 @@ backend canisters to the `targets` array.
 
 <Callout type="warning" emoji="⚠️">
   Add only **your** backend canister IDs to the `targets` array.
-  <a href="/miscellaneous/delegation-toolkit">
-    <strong>More about the Delegation Toolkit.</strong>
+  <a href="/miscellaneous/target-canisters">
+    <strong>More about the Target Canisters.</strong>
   </a>
 </Callout>
 

docs/pages/miscellaneous/_meta.ts

@@ -1,5 +1,6 @@
 export default {
   "delegation-toolkit": "Delegation Toolkit",
+  "target-canisters": "Target Canisters",
   "auth-options": "Auth Options",
   "local-development": "Local Development",
 }

docs/pages/miscellaneous/delegation-toolkit.mdx

@@ -36,17 +36,14 @@ use those wallet addresses outside your app.
 Account delegations can be used to make authenticated calls to your own canisters, and will require
 approval to call others.
 
-> Note: ICRC-1, ICRC-7, and other asset canister smart contracts are discouraged from implementing
-> this method. Wallets may mark application as a scam if they do.
-
 ## Recommendation
 
 We believe Web3 is about having a universal digital identity that people can use to bring their data
 and assets from app to app. Therefore our bias is to always ask users connect with their wallet
 address. Let users connect with a new Account or Relying party delegation if they don't yet trust
 your app, but always strive to decrease how much users need to trust your service to use it.
 
-Read more about the
+Read more about [target canisters](/miscellaneous/target-canisters) and the
 [ICRC-28](https://github.com/dfinity/wg-identity-authentication/blob/main/topics/icrc_28_trusted_origins.md)
 standard.
 

docs/pages/miscellaneous/target-canisters.mdx

@@ -0,0 +1,37 @@
+---
+title: "Target Canisters"
+date: "2024-07-10"
+authors:
+  - name: "Dan Ostrovsky"
+---
+
+## Target Canisters
+
+3rd party application MUST set an array of target canisters to which delegation identity will make
+authenticated calls without user approvals. These canisters SHOULD be under the 3rd party
+application's control, otherwise the developer opens a trust assumption that other canister
+controllers won't carry out drain attacks on their shared pool of users.
+
+## Rust Implementation
+
+Each target canister that wallet providers will query (as an update call for secure consensus)
+should have method `icrc28_trusted_origins()`:
+
+```rust
+#[derive(Clone, Debug, CandidType, Deserialize)]
+pub struct Icrc28TrustedOriginsResponse {
+    pub trusted_origins: Vec<String>
+}
+
+#[update]
+fn icrc28_trusted_origins() -> Icrc28TrustedOriginsResponse {
+    let trusted_origins = vec![
+        String::from("dscvr.one") // to be replaced with application's frontend origin(s)
+    ];
+
+    return Icrc28TrustedOriginsResponse { trusted_origins }
+}
+```
+
+> Note: ICRC-1, ICRC-7, and other asset canister smart contracts are discouraged from implementing
+> this method. Wallets may mark application as a scam if they do.

examples/react-demo/src/idl/service.ts

@@ -45,7 +45,6 @@ export interface Icrc21LineDisplayPage {
 }
 export type Result = { Ok: Icrc21ConsentInfo } | { Err: Icrc21Error }
 export interface _SERVICE {
-  get_trusted_origins: ActorMethod<[], Array<string>>
   greet: ActorMethod<[string], string>
   greet_no_consent: ActorMethod<[string], string>
   icrc21_canister_call_consent_message: ActorMethod<[Icrc21ConsentMessageRequest], Result>

examples/react-demo/src/idl/service_idl.ts

@@ -39,7 +39,6 @@ export const idlFactory = ({ IDL }: any) => {
   })
   const Result = IDL.Variant({ Ok: Icrc21ConsentInfo, Err: Icrc21Error })
   return IDL.Service({
-    get_trusted_origins: IDL.Func([], [IDL.Vec(IDL.Text)], []),
     greet: IDL.Func([IDL.Text], [IDL.Text], ["query"]),
     greet_no_consent: IDL.Func([IDL.Text], [IDL.Text], ["query"]),
     icrc21_canister_call_consent_message: IDL.Func([Icrc21ConsentMessageRequest], [Result], []),