Automatic Authentication Signature

It’s a great question. At first, I felt the idea of having automatic authentication built right into eth_requestAccounts made a lot of sense. However, I’m not sure what that would look like for an app developer, in practice.

For example, let’s say you visit my site for the first time and click a ‘Connect Wallet’ button. Upon clicking it, my client application code calls eth_requestAccounts, and the account is connected successfully.

In this scenario, how can I as the app developer be sure that the wallet performed any sort of authentication at all? What if the wallet doesn’t support automatic authentication, but does support the current implementation of eth_requestAccounts? Would the return value of eth_requestAccounts need to change?

Changing the behavior of eth_requestAccounts creates versioning and backward compatibility concerns that could be avoided altogether by introducing a new method instead.

A new method could reasonably be expected to return a signed authentication message that the application can verify. I’m not sure it would work if we just modified the behavior of eth_requestAccounts.
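The capability check this reply argues for, as an added example that is not part of the original post: with a separate method, the application can tell a wallet that proved control of the account from one that only connected. The method name `wallet_requestAuthenticatedAccounts`, the `{ address, message, signature }` response shape, the server-issued nonce, the mock wallets and the toy verifier are all assumptions made for illustration; a real application would pass an ECDSA-recovery check as `verifySig`.

```javascript
// Hypothetical method name: the post proposes "a new method" but names none.
const AUTH_METHOD = "wallet_requestAuthenticatedAccounts";
// EIP-1193 "Unsupported Method" and JSON-RPC "Method not found" error codes.
const UNSUPPORTED = new Set([4200, -32601]);

// provider: an EIP-1193 provider. nonce: a server-issued challenge (assumed).
// verifySig(address, message, signature) -> boolean is supplied by the app,
// e.g. ECDSA recovery from a signing library; it is not implemented here.
async function connect(provider, nonce, verifySig) {
  let res;
  try {
    res = await provider.request({ method: AUTH_METHOD, params: [{ nonce }] });
  } catch (err) {
    if (!UNSUPPORTED.has(err.code)) throw err; // e.g. user rejection propagates
    // Legacy wallet: the account is connected, but nothing was proven.
    const accounts = await provider.request({ method: "eth_requestAccounts" });
    return { address: accounts[0], authenticated: false };
  }
  // Assumed response shape: { address, message, signature }.
  const ok =
    typeof res?.message === "string" &&
    res.message.includes(nonce) && // signature must cover this session's nonce
    (await verifySig(res.address, res.message, res.signature));
  if (!ok) throw new Error("authentication response failed verification");
  return { address: res.address, authenticated: true };
}

// Constructed mock wallets and a toy verifier, for illustration only.
const ADDRESS = "0x0000000000000000000000000000000000000001";
const legacyWallet = {
  async request({ method }) {
    if (method === "eth_requestAccounts") return [ADDRESS];
    throw Object.assign(new Error("Unsupported method"), { code: 4200 });
  },
};
const authWallet = (signedNonce) => ({
  async request({ method }) {
    if (method === "eth_requestAccounts") return [ADDRESS];
    const message = `Sign in to example.org, nonce: ${signedNonce}`;
    return { address: ADDRESS, message, signature: `toy:${ADDRESS}:${message}` };
  },
});
const toyVerify = (addr, msg, sig) => sig === `toy:${addr}:${msg}`;
```

The `authenticated: false` result is what an unchanged `eth_requestAccounts` cannot express, since its return value is the same list of addresses whether or not the wallet signed anything.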