Farcaster Devs

Can the miniapp sdk provide a proof to the miniapp that the context is provided by a specific client?

I think it's trivial to fake that you are a "legit" client sending data to a miniapp. This may not be critical in the onchain-tx way, but it can spam, overload, or fake data that are important for a miniapp.

It would be nice if frameContext was signed by frameContext.client.clientFid, to allow a miniapp verify that the context can be trusted IF they trust clientFid.

Dad, geek, conversation liquidity provider. vrypan.net (home), @l--o--l (fun). devcoin:$lemon3

could

the downsides are increased complexity and more confusion for devs

two different types of signed data (SIWF and signed context) that both sign overlapping data (user fid) is quite confusing

Building @warpcast and @farcaster / dad / like to read, cook, ski, code

I don't see the complexity, if it's something I can ignore. It's one more piece of data in sdk.context. If you want to do something with it, you can, if not you can ignore it. Contact already has many keys that most devs ignore.