Hey, is there a plan to finalize this EIP?
If so, it would be good to add a challenge payload option so the application can authenticate the address and be sure that the wallet really has the private key it claims to have.
There is a proposal described here: Automatic Authentication Signature
Basically the eth_requestAccounts call would look like:
{
  "id": 1,
  "jsonrpc": "2.0",
  "method": "eth_requestAccounts",
  "params": ["0x55f55f5e5e6e7e867e"]
}
I would make the payload unrestricted so any data could be specified here.
To prevent applications from using it to sign arbitrary messages, the payload is prepended with "Automatic Signature" before being signed.
Note that in the proposal mentioned above, I also propose to add a new JSON method eth_autoSign that would remove the need to add that facility in the eth_requestAccounts method (since in that case authentication could be done any time afterward).
Nevertheless, I would still argue that having it in eth_requestAccounts is a good idea since it removes the need to make another call. It will also increase the likelihood of having such an authentication mechanism available for apps without having to wait for the auto_sign proposal to be accepted.
Note that we can make it backward compatible with existing apps by making the challenge payload optional.
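The challenge flow described in the post above, as an added example that is not part of the original post or the linked proposal: the app issues a fresh random payload, the wallet signs prefix plus payload, and the app verifies it. Assumptions: the prefix is the ASCII string "Automatic Signature" concatenated in front of the raw payload bytes, and ECDSA over SHA-256 with a known public key stands in for the wallet's keccak256 signing and address recovery; all function names are hypothetical.

```javascript
const nodeCrypto = require("node:crypto");

// Assumption: prefix bytes are the ASCII text from the post, placed before the payload.
const PREFIX = Buffer.from("Automatic Signature");

// Stand-in wallet key (constructed for this example). A real wallet signs keccak256
// digests and the app recovers the address; node:crypto has no keccak256.
const wallet = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });

function hexToBytes(hex) {
  return Buffer.from(hex.replace(/^0x/, ""), "hex");
}

// App side: a fresh random challenge per login, carried in params[0].
function newChallengeRequest(id) {
  const challenge = "0x" + nodeCrypto.randomBytes(32).toString("hex");
  return { id, jsonrpc: "2.0", method: "eth_requestAccounts", params: [challenge] };
}

// Wallet side: never signs the payload as-is, always PREFIX || payload.
function walletAutoSign(request) {
  const payload = hexToBytes(request.params[0]);
  return nodeCrypto.sign("sha256", Buffer.concat([PREFIX, payload]), wallet.privateKey);
}

// App side: accept only a signature over PREFIX || the challenge this app issued.
function verifyChallenge(challengeHex, signature, publicKey) {
  const signed = Buffer.concat([PREFIX, hexToBytes(challengeHex)]);
  return nodeCrypto.verify("sha256", signed, publicKey, signature);
}

// The same signature checked against the bare payload, without the prefix.
function validForRawPayload(payloadHex, signature, publicKey) {
  return nodeCrypto.verify("sha256", hexToBytes(payloadHex), publicKey, signature);
}

function demo() {
  const request = newChallengeRequest(1);
  const signature = walletAutoSign(request);
  const other = newChallengeRequest(2); // challenge from a different session
  return {
    accepted: verifyChallenge(request.params[0], signature, wallet.publicKey),
    replayed: verifyChallenge(other.params[0], signature, wallet.publicKey),
    rawPayload: validForRawPayload(request.params[0], signature, wallet.publicKey),
  };
}

console.log(demo());
```

The `replayed` and `rawPayload` results show the two properties the app relies on: a signature is bound to one challenge, and it is not a valid signature over the unprefixed payload.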