Specification
We need to provide support for the creation of claims between a node and digital identity in a gestalt.
There is an issue with the identities claim CLI command: it doesn't actually perform the augmentation. At the moment, all this command does is call await gestaltGraph.linkNodeAndIdentity(nodeInfo, identityInfo). Looking at GestaltGraph.ts, all this function does is update (or create, if none exist) the ACL permissions for the node's gestalt.
In order to actually perform an identity claim/augmentation there are two more steps we need to add.
1. Create a claim on the node's sigchain
To do this, we need to construct a ClaimLinkIdentity object, which is just:

    type ClaimLinkIdentity = {
      type: 'identity';
      node: NodeId; // can get using nodeManager.getNodeId() since node manager is already injected into identities RPC
      provider: ProviderId; // provided in call request already
      identity: IdentityId; // provided in call request already
    };

Next, we would just need to call sigchain.addClaim(), passing it the ClaimLinkIdentity object we created (unless there's a better way to do this?). The only catch is that the sigchain is not currently injected into the identities RPC, so that would need to be added.
2. Publish the claim on the DI
Once we've made a claim, we just need to publish it on the provider as well. This stage requires the provider to be authenticated, so it would be a good idea to check that before we even update ACL permissions or generate the claim on the sigchain (whichever comes first). We can get the provider from the Identities Manager using the ProviderId we already have (identities.getProvider). After that, we just need to call the publishClaim() method on the provider, passing it the claim we made on the sigchain. The only problem here is that sigchain.addClaim() doesn't return the claim it generates, so we'll have to search the sigchain for the one we're looking for. This might be a little challenging unless we can assume that the most recent identity claim is the one we want.
Once we've got the claim we also need to decode it (using decodeClaim from claims utils) before we can publish it.
That's about all that needs to be done here, unless we also want to return something to the caller (e.g. the claim id and URL returned by publishClaim()), since right now that gRPC call responds with an EmptyMessage.
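The ordering and lookup described in the two steps above, as an added sketch that is not Polykey's own code: the authentication check runs before anything is mutated, and the claim is selected by matching all of its fields rather than by assuming the newest identity claim is ours. Claim, Provider, findIdentityClaim and claimIdentity are hypothetical synchronous in-memory stand-ins, and the sample values are constructed.

```typescript
// Added example: in-memory stand-ins, not Polykey's real classes or signatures.
type ClaimLinkIdentity = { type: 'identity'; node: string; provider: string; identity: string };
// Constructed second claim kind, so the chain can hold non-identity entries.
type ClaimData = ClaimLinkIdentity | { type: 'node'; node1: string; node2: string };
type Claim = { seq: number; data: ClaimData };
type Provider = { authenticated: boolean; published: Claim[] };

// Walk the chain newest-first and return the newest claim whose fields all
// match, instead of trusting "the most recent identity claim".
function findIdentityClaim(chain: Claim[], want: ClaimLinkIdentity): Claim | undefined {
  for (const claim of [...chain].reverse()) {
    const d = claim.data;
    if (d.type === 'identity' && d.node === want.node &&
        d.provider === want.provider && d.identity === want.identity) {
      return claim;
    }
  }
  return undefined;
}

// Order from the text: authentication check, then sigchain, then publish.
function claimIdentity(
  chain: Claim[], provider: Provider | undefined, want: ClaimLinkIdentity,
): { claimId: number } {
  if (provider === undefined || !provider.authenticated) {
    // Fail before the ACL or sigchain is touched, so nothing needs undoing.
    throw new Error('provider not authenticated');
  }
  chain.push({ seq: chain.length + 1, data: want }); // stands in for sigchain.addClaim()
  const claim = findIdentityClaim(chain, want);
  if (claim === undefined) throw new Error('claim missing from sigchain');
  provider.published.push(claim); // stands in for provider.publishClaim()
  return { claimId: claim.seq };
}

// Constructed sample: a different identity was claimed after ours.
const sampleWant: ClaimLinkIdentity =
  { type: 'identity', node: 'nodeA', provider: 'github.com', identity: 'alice' };
const sampleChain: Claim[] = [
  { seq: 1, data: sampleWant },
  { seq: 2, data: { type: 'node', node1: 'nodeA', node2: 'nodeB' } },
  { seq: 3, data: { ...sampleWant, identity: 'bob' } },
];
console.log(findIdentityClaim(sampleChain, sampleWant)?.seq);
```
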
Additional context
Tasks
- Create and add the identity claim on the node's sigchain
- Publish the claim on the digital identity provider
Additional context
vaults refactoring MR: https://gitlab.com/MatrixAI/Engineering/Polykey/js-polykey/-/merge_requests/184#note_687311752