Are user text principal public?

I am developing a proof of concept to port our app from Firebase to the IC.

With the Firebase Auth and Store, users are identified with their automatically given uuid. The information is public. I can save it in the db and use it to grant access to the information (with the help of DB rules).

When a db data is accessed, I can check if the authorized request’s uuid matches the one of the data. User can access his/her data if db.uuid == auth user.uuid. In other words, user cannot access the data of other users.

On the Internet Computer, I am guessing I would have to use user’s Principal to achieve such access control.

Therefore my question: is the textual representation of the Principal public ?

I was thinking on implementing such a check permission with stable objects containing the Principal.toText.

private func check_permission(user: Principal, obj : MyObject) : async () {
  if (user != Principal.fromText(obj.principal_text)) {
    throw Error.reject("User does not have the permission.");

That should be fine, but there should be no need to stable store the principals as text. The Principal type is both sharable and stable, and you can compare Principals for equality directly.

Thanks for the feedback Claudio, well noted!

I spotted afterwards the Principal.equal(a, b).

Kind of a special case (I am porting an existing app) that’s why I will compare their text value. Btw. updated my function as following, again for my use case:

private func check_permission(user: Principal, obj: MyObject) : async () {
        if (Principal.toText(user) != obj.principal_text) 
            throw Error.reject("User does not have the permission.");

By the way, if you are interested in still using traditional auth methods (e.g. email/password) but with an IC app, I put down some thoughts on how that would work here: Alternate User Authentication method in Canister - #10 by jzxchiang

Thanks for the share @jzxchiang, interesting! We are developing a proof of concept, therefore for it I’ll only use the Internet Identity but, who knows if we go further. Will keep a good eye on your thread!