get addresses by inbox id

[insipx]

No description provided.

[graphite-app]

Your org has enabled the Graphite merge queue for merging into main

Add the label “queue” to the PR and Graphite will automatically add it to the merge queue when it’s ready to merge.

You must have a Graphite account and log in to Graphite in order to use the merge queue. Sign up using this link.

[rygine]

left a comment, but LGTM

[nplasterer]

@insipx what do you think about changing this so it just returns the list of addresses? Is it weird to show other people all the installations a user has?

[nplasterer]

Or maybe it fine to show what other peoples recovery address and installations are? Maybe @richardhuaaa has thoughts.

[richardhuaaa]

It's all stored publicly on the network anyway, so I don't think it matters much from a privacy perspective. It has to be public in order for your installation to know which installations to include in the conversation. Not sure what is important here from a usability perspective though!

[nplasterer]

Okay seems no harm in exposing it all in the sdk. Is the recovery address helpful in anyway from a integrator perspective? Is it like the main address if you had to choose just one to display?

[richardhuaaa]

The recovery address is the only address that can perform revocations on your account. It's a separate class of permissions because otherwise any compromised key could remove all other keys and take over the account. It's useful for a user to know their own recovery address, can't think of a use-case today for you to query someone else's recovery address though

[nplasterer]

In the inverse it almost seems bad to make it easy to access others recovery addresses as a attacker could target that address in particular to try to gain master access?

[nplasterer]

Tho I guess it's public so people who really want to access that information can access it either way so I guess not a huge deal. The amount of money you have in your wallet is also public 😄