I can authorize another device to access a space #46

Closed
gobengo opened this issue Feb 20, 2023 · 5 comments

Contributor

gobengo commented Feb 20, 2023

Demo Script

This is a proposal and meant to start a discussion. See others’ comments below for latest.
* install w3cli on computers A and B
* on A
  * create a space
    * `w3 space create multidevice`
  * delegate authority to your email address `foo@bar.com`
    * proposed: `w3 space authorize --can='*' mailto:foo@bar.com`
    * [does this from spec](https://github.com/web3-storage/specs/blob/main/w3-access.md#access-across-multiple-devices)
    * expectation: this results in sending an `access/delegate` invocation to web3.storage access-api over http
* on B
  * use w3cli to authenticate as the owner of the `foo@bar.com` email address
    * probably `w3 access request mailto:foo@bar.com` - this will initiate email/consent flow to send an email to that address consenting to delegate to the device b key.
  * run `w3 space ls`
    * expectation: I see an entry in the spaces list for the space that was originally created on device A
      * to do this, may need to invoke `access/claim`
  * run `w3 space use ` to 'use' a specific space
    * we can make `` optional `[space.did]` by having `w3 space use` do a little command line tool for choosing one space from amongst the list. That way end-user doesn't have to type in the did:key
    * expectation: after this, that space did is the one used by `w3 up`
gobengo changed the title from "I can authorize another device to list files in my space" to "I can authorize another device to access a space" on Feb 20, 2023
Contributor Author

gobengo commented Feb 20, 2023

@Gozala said in slack he has some thoughts on this to share from drawing over the weekend

gobengo added the kind/enhancement label (A net-new feature or improvement to an existing feature) on Feb 21, 2023
Contributor Author

gobengo commented Feb 21, 2023

whatever the cli ui should be, let's put it as 'coming soon' in the README or docs. then we can iterate on it via PR/git and not just in these comments

Member

alanshaw commented Feb 22, 2023

This is similar to what I had in mind...but I was aiming for something simpler:

  • w3 authorize alan@example.com
    • Validates the user's email
    • Calls access/claim to retrieve delegations to existing spaces
    • If no spaces locally and no spaces from access/claim:
      • Create a default space
      • Delegate to alan@example.com
      • Stash delegation with access/delegate

Note: we're not dealing with specific spaces, or specific delegations (this is the next iteration).

Note: alan@example.com is given FULL access to ALL spaces created after a successful call to w3 authorize alan@example.com and delegations are stashed automatically with access/delegate.

So then the demo becomes:

On A:

  • w3 authorize alan@example.com
  • w3 space create MySpace

On B:

  • w3 authorize alan@example.com
  • w3 space ls

...and then you could prove that an upload done on A can be seen on B

Contributor

Gozala commented Feb 27, 2023

I think the plan described in #46 (comment) makes sense, but there are some problems that we'd need to address. Specifically, doing the last step in the quoted flow will not work:

>   • w3 authorize alan@example.com
>     • Validates the user's email
>     • Calls access/claim to retrieve delegations to existing spaces
>     • If no spaces locally and no spaces from access/claim:
>       • Create a default space
>       • Delegate to alan@example.com
>       • Stash delegation with access/delegate

Given that a new space is not registered, access/delegate will be rejected, as there will be no space to store the delegation in. It was expected that the flow would look more like this:

  • w3 authorize alan@example.com
    • Validates the user's email
    • Calls access/claim to retrieve delegations to existing spaces
    • If no spaces locally and no spaces from access/claim:
      • Create a default space
      • Add free space provider using provider/add with alan@example.com
      • Delegate to alan@example.com
      • Stash delegation with access/delegate

Alternatively, we could temporarily lift the "space needs to be registered" requirement.
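
The ordering constraint from the comment above, as an added example that is not part of the original thread and is not the project's code: a toy in-memory model in which `access/delegate` is rejected for a space that has no provider. The class, function and space names are hypothetical, and email validation is assumed to have already succeeded.

```javascript
// Toy in-memory model of the access service; all names here are hypothetical.
class AccessService {
  constructor() {
    this.registered = new Map(); // space -> account that added a provider
    this.stash = new Map();      // account -> delegations stored for it
  }
  // provider/add: registers the space so delegations can be stored in it
  providerAdd(space, account) { this.registered.set(space, account); }
  // access/delegate: rejected when the space is not registered
  accessDelegate(space, delegation) {
    if (!this.registered.has(space)) {
      throw new Error(`access/delegate rejected: ${space} is not registered`);
    }
    const list = this.stash.get(delegation.audience) ?? [];
    this.stash.set(delegation.audience, [...list, delegation]);
  }
  // access/claim: returns the delegations stashed for an account
  accessClaim(account) { return this.stash.get(account) ?? []; }
}

// The `w3 authorize` steps from the thread, after email validation.
function authorize(service, device, account, { addProvider }) {
  for (const d of service.accessClaim(account)) device.spaces.add(d.space);
  if (device.spaces.size === 0) {
    const space = `default-space-of-${device.name}`; // stands in for a did:key
    if (addProvider) service.providerAdd(space, account);
    service.accessDelegate(space, { space, audience: account, can: '*' });
    device.spaces.add(space);
  }
  return [...device.spaces];
}

// Runs device A, then device B, against one service instance.
function demo(addProvider) {
  const service = new AccessService();
  const account = 'mailto:alan@example.com';
  const a = { name: 'A', spaces: new Set() };
  const b = { name: 'B', spaces: new Set() };
  try {
    authorize(service, a, account, { addProvider });
    return { spacesOnB: authorize(service, b, account, { addProvider }) };
  } catch (err) {
    return { error: err.message };
  }
}

console.log(demo(false)); // no provider/add: the delegation is rejected
console.log(demo(true));  // provider/add first: B lists the space made on A
```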

Contributor Author

gobengo commented Mar 24, 2023

🙏

#53
