I cannot create a new TileDocument for a schema when using my own node due to Can not verify signature for commit ...: Capability does not have appropriate permissions to update this Stream, but this works when using https://ceramic-clay.3boxlabs.com. I’m creating a new stream, so I’m confused why the error is about updating a stream. My node is using @ceramicnetwork/cli@2.7.0.
When using https://ceramic-clay.3boxlabs.com, I cannot create a new TileDocument using the schema TileDocument’s commitId as the ‘schema’:
ERROR [ExceptionsHandler] HTTP request to 'https://ceramic-clay.3boxlabs.com/api/v0/streams' failed with status 'Internal Server Error': {"error":"Can not verify signature for commit ...: Capability does not have appropriate permissions to update this Stream"}
Yes, that’s expected. The did:key is a temporary session key valid for a single user session. The stream controller should be the did:pkh with the user’s Ethereum wallet address, which signs a capability granting temporary access to the session key to write data on its behalf.
I was setting the controllers as [ceramic.did.id] like the example here. I updated it to use [ceramic.did.parent], but I am experiencing the same error.
You don't necessarily have to pass the controller; if you have an authenticated DID attached, it will handle selecting the correct DID id. But yes, session.id or session.did.parent would be correct to use.
If you're not using ComposeDB, could you try passing resources = [ceramic://*], the wildcard access, to did-session? If using tiledocs, Glaze, or Self.ID, the wildcard resource is recommended for now; more granular access will be supported in ComposeDB.
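The delegation described in the replies above (a did:pkh controller granting a did:key session key write access to a list of resources), as an added example that is not part of any post in this thread and is not Ceramic's or did-session's code. It is a simplified model; the function name, field layout and all DIDs and stream IDs are constructed assumptions.

```javascript
// Simplified model of the checks (an assumption, not Ceramic's implementation).
// Capability fields loosely follow a CACAO payload:
//   iss = DID that signed the capability (the wallet's did:pkh)
//   aud = session key (did:key) the capability delegates to
//   resources = ceramic:// URIs the session key may write to
//   exp = optional expiry time (ISO 8601)
const WILDCARD = 'ceramic://*';

function checkCommit(commit, capability, now = new Date()) {
  const { signer, controller, streamId } = commit;
  if (!capability) {
    // No delegation: the signing DID must itself be the controller.
    return signer === controller ? 'ok' : 'signer is not the controller';
  }
  if (capability.aud !== signer) return 'capability not issued to this session key';
  if (capability.iss !== controller) return 'capability issuer is not the controller';
  if (capability.exp && new Date(capability.exp) <= now) return 'capability expired';
  const covered = capability.resources.some(
    (r) => r === WILDCARD || r === `ceramic://${streamId}`
  );
  return covered ? 'ok' : 'capability does not cover this stream';
}

// Constructed sample values (not real keys, accounts or stream IDs).
const wallet = 'did:pkh:eip155:1:0x0000000000000000000000000000000000000001';
const sessionKey = 'did:key:z6MkConstructedSessionKey';
const now = new Date('2022-10-01T00:00:00Z');
const wildcardCap = { iss: wallet, aud: sessionKey, resources: [WILDCARD], exp: '2022-10-02T00:00:00Z' };
const narrowCap = { ...wildcardCap, resources: ['ceramic://kjzConstructedStreamA'] };

const cases = {
  // Controller set to the session key, as with controllers: [ceramic.did.id]
  sessionKeyAsController: checkCommit(
    { signer: sessionKey, controller: sessionKey, streamId: 'kjzConstructedStreamB' }, wildcardCap, now),
  // Controller is the wallet DID, but the resource list names a different stream
  streamNotListed: checkCommit(
    { signer: sessionKey, controller: wallet, streamId: 'kjzConstructedStreamB' }, narrowCap, now),
  // Controller is the wallet DID and the wildcard resource was granted
  wildcardGranted: checkCommit(
    { signer: sessionKey, controller: wallet, streamId: 'kjzConstructedStreamB' }, wildcardCap, now),
};
console.log(cases);
```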
I deleted node_modules and dist folders and I’m still getting the same error. I had replaced @glazed/did-session with just did-session after the suggestion in this comment.
I created an example test file and this results in the error I got in the previous thread: Can not verify signature for commit bagcq...: Signature does not belong to issuer
Could be Fireblocks/Celo, probably both the first used here. Seems like a Celo account should work if they are just identified by chainid and standard provider, but not certain.
This was working in a previous version of Ceramic, so I don’t think it is due to any signature verification differences in Celo or the provider. However, the Fireblocks provider package also had an update since then where they replaced @json-rpc-tools/provider with web3-providers-http.