hello everyone
2026 is in a few days, community’s sentiment is not good (haha) BUT… we keep on building because that’s the only thing we can do ![]()
anyway i wanna share what i built this past few weeks & i’d love feedback from InternetIdentity maxis
tldr;
- problem: internet identity gives you a different principal per app. that’s great for privacy, but it fragments user balances. you end up sending icp between principals, copypasting, doublecheckin, and dealing with different transfer/approve flows, forms & vocabs in every app.
- idea: let users deposit once into a canister and then link multiple principals to a single “main“ principal. apps can spend from that balance via allowance the user approve.
- demo: only icp token for now, uses II 2.0, could be used by caffeine apps (since their main login is internet identity, but i havent research yet on how to prompt the integration) or devs who are just lazy to integrate multiple wallets (like myself)
link: https://loxja-3yaaa-aaaan-qz3ha-cai.icp0.io/
why i built it: internet identity is my goto way to get the user’s principal. tho i respect the design choice of “unique principal per app“ for privacy… but as a user, imho, i HATE that i have to move icp between “me“, “myself“ & “i“, copypasting across tabs, with some apps have their own custom transfer/approval forms/ui/flow/vocabs… all that just to use my own icp.
so i made a thread back in november to feedback about the UX of the internet identity:
https://forum.dfinity.org/t/i-think-internet-identity-should-support-1-principal-identity-across-dapps-to-improve-ux-at-the-cost-of-privacy/60350
and while i was writing the title of this post, i was suggested this post which was made in 2022:
https://forum.dfinity.org/t/how-good-that-if-we-have-one-internet-identity-linked-to-one-principal-account-id-in-all-ic-platforms/16251/3
at least i think i’m not alone on this… despite the fact that most will go “it’s just how internet identity works“ or “it’s designed that way to protect you, man“
all i’m saying is, isnt it a good thing to have options?
how it works:
- you sign in with Internet Identity on AccountLink
- you transfer some icp to your II principal, then deposit into the AccountLink canister
- when an app wants to charge you, the app:
- 3.1. sends you to AccountLink with its canister ID, your II principal there, the amount & duration
- 3.2. you approve an allowance for that app on AccountLink
- the app’s backend then calls AccountLink to spend up to that allowance.
- ocne the allowance is spent by the app, the link (approval) is removed from AccountLink.
this way, user’s icp stay in one place, even tho he has millions of II principals
if you want to try the flow of AccountLink, i made another demo app, Everwall: https://z7eqj-riaaa-aaaac-qc7zq-cai.icp0.io/
visual tutorial on trying AccountLink on Everwall: https://twitter.com/kayicp/status/2005841174553153837
safety notes:
- tokens are held in an icp canister
- each app gets a limited allowance (amount+duration) that you approve.
- app links are removed once it’s spent/expired.
- still a demo, please use small amounts
- i plan to opensource the code once i clean it up a bit so you guys can review the implementation.
if you’re a security dev & wanna look at the design or code once it’s opensource, i’d rly appreciate it
what i’d love feedback on:
- as an InternetIdentity user: does this actually solve a real pain for you? or am i crazy?
- as a dev: would you consider integrating approval-based vault like this? what would you need to trust it?
- any obvious design flaws/edge cases that i missed?
(i’m particularly interested in II-only apps, for example caffeine.ai generated apps)
links:
my twitter: https://twitter.com/kayicp
AccountLink: https://loxja-3yaaa-aaaan-qz3ha-cai.icp0.io/
Everwall: https://z7eqj-riaaa-aaaac-qc7zq-cai.icp0.io/
happy to answer any questions here & adapt the design based on feedback!