Farcaster Devs

Can the miniapp sdk provide a proof to the miniapp that the context is provided by a specific client?

I think it's trivial to fake that you are a "legit" client sending data to a miniapp. This may not be critical in the onchain-tx way, but it can spam, overload, or fake data that are important for a miniapp.

It would be nice if frameContext was signed by frameContext.client.clientFid, to allow a miniapp verify that the context can be trusted IF they trust clientFid.

Dad, geek, conversation liquidity provider. vrypan.net (home), @l--o--l (fun). devcoin:$lemon3

dev. 
all my frames: @infobot, working on @degensub,
open for opportunities

Yes. But anyone can say they are fid 9152. I can make a web app that allows you to enter a mini app URL, and opens it with random fids, and says it is 9152 (warpcast). See? You paid me $200 through amps but it was worth it, you got 20k opens for your app.

Building @warpcast and @farcaster / dad / like to read, cook, ski, code

I don't see the complexity, if it's something I can ignore. It's one more piece of data in sdk.context. If you want to do something with it, you can, if not you can ignore it. Contact already has many keys that most devs ignore.

could

the downsides are increased complexity and more confusion for devs

two different types of signed data (SIWF and signed context) that both sign overlapping data (user fid) is quite confusing

yeah I agree, not solved yet but 100% something on my mind and that needs to be solved in the near term