docs: use the Motoko identity-attributes library for II attribute verification#286
Open
sea-snake wants to merge 8 commits into
Open
docs: use the Motoko identity-attributes library for II attribute verification#286sea-snake wants to merge 8 commits into
sea-snake wants to merge 8 commits into
Conversation
…ification Reframe the Internet Identity attribute flow around the two-method protocol (_internet_identity_sign_in_start / _internet_identity_sign_in_finish): the mo:identity-attributes mixin provides it in Motoko, hand-written in Rust so a single frontend works against either backend. The frontend now runs nonce, sign-in, and the attribute request in parallel and requests name and verified_email. Adds frontend_origins to the icp.yaml env vars and updates the storing-the-nonce guidance and common-mistakes entry.
|
🤖 Preview build failed. |
…xample verified_attributes already rejects callers without a trusted II bundle, so the inline anonymous check duplicated the Reject-anonymous-callers section. Mirrors the mo:identity-attributes mixin, which has no separate check.
With the fixed _internet_identity_sign_in_start/finish methods the nonce binds one sign-in handshake; it is not tied to a named action or user. Reword the replay-protection notes accordingly.
Drop the nonce-keying rationale, the raw_rand location comment (the call is right there), and verbose upgrade/heap wording. Keep only purposeful comments.
It was a shared tip outside the Tabs block, so it rendered under Motoko too, even though nonce storage is a Rust-only concern (the mo:identity-attributes library handles it). Now lives inside the Rust tab.
…storage note Use the method-call form from the mo:identity-attributes README instead of Map.add/Map.get, and remove the storing-the-nonce note.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Reframes the Internet Identity attribute flow in the authentication guide around the two-method protocol (
_internet_identity_sign_in_start/_internet_identity_sign_in_finish): themo:identity-attributesmixin provides it in Motoko, hand-written in Rust (no Rust library yet). One frontend works against either backend.Changes
requestAttributesrun in parallel (nonce passed as a promise); requestsname+verified_email; checks the{ ok }/{ err }result.include IdentityAttributes({ onVerified })plusmops.tomlandicp.yamlenv vars (trusted_attribute_signers,frontend_origins, optionaltrusted_sso_domains).dfinity/motoko-identity-attributes).Verification
internet-identity.mdxcompiles cleanly via@mdx-js/mdx.astro builddeferred to CI (the local sandbox lacked the.sourcessubmodules; all sandbox build errors were on other pages, none on this file).