I’m curious about the annoymous principal.
is it always the same principal regardless of what generates it? e.g from the rust package
Principal::anonymous()
or from a frontend that isn’t authenticated with II or Plug for example.
I want to guard against annoymous principals in my backend canister. what im doing now is
if caller == Principal::annoymous() {
/// do stuff
}
That’ll do it - the standard anonymous principal has a string representation of '2vxsx-fae'.
Technically speaking though, any principal that ends with 0x04 will be classified as anonymous and won’t require a signature. The one used by the agents is just an empty seed with that classification. I don’t actually know if there’s a convenient way to guard against all anonymous identities, or to easily identify them.
Quite an interesting detail I didn’t know of. Anonymous identifiers that don’t require a signature.
Yeah, you could theoretically do something interesting with these - using a token “secret” to have a unique anonymous identity to manage sessions but still use anonymous calls that don’t require signatures
The spec you linked here says that 0x04 is the anonymous identity. It doesn’t mention that there are other anonymous identities. Is that intentional that “longer” anonymous identities are accepted?
That’s my vague recollection from a conversation I had years ago, yes. How the actual replica handles this ambiguous detail in the spec today is another question
Apparently in practice it throws an error:
AgentError: Gateway returned an error: Code: 400 (Bad Request) Body: Missing signature from user: gagks-yqbai-bqiba
Tested by modifying the AnonymousIdentity to use
new Uint8Array([1, 2, 3, 4, ANONYMOUS_SUFFIX]);
in agent-js.
@bjoern care to weigh in on the intended behavior? Is there just one anonymous identity, or is it supposed to be a category of identity for agents to use?
The intended behavior is that there is exactly one anonymous principal, which is 0x04. If ingress validation where to accept anything ending on 0x04 but not being exactly equal to 0x04, I’d consider that a bug.
Motoko has the Principal.isAnonymous(p) function that tests that p == Principal.fromBlob(“\04”).
Would be nice for the rust library to also have this