@dfinity/agent returns 403 response

Hi,

Aim : I am trying to locally authenticate and run my app with authenticated user.

I have set up the internet identity cannister locally and the authentications works, now when I am trying to create a agent with @difinity/agent to my canister with the authenticated user info and now it is throwing 403 error.

This is my actor creation code.

export const createActor = (canisterId, options) => {
  const agent = new HttpAgent({ ...options?.agentOptions });

  // Creates an actor with using the candid interface and the HttpAgent
  return Actor.createActor(idlFactory, {
    agent,
    canisterId,
    ...options?.actorOptions,
  });
};

And once the user is authenticated, I am creating the canister agent with identity information.

const identity = await authClient.getIdentity();
  console.log("Identity = ", identity);
  const authanticatedUser = createActor(canisterId, {
    agentOptions: {
      identity,
    },
  });

But it is throwing following errors :

POST http://localhost:8000/api/v2/canister/qoctq-giaaa-aaaaa-aaaea-cai/call 403 (Forbidden)
Uncaught (in promise) Error: Server returned an error:
  Code: 403 (Forbidden)
  Body: Failed to authenticate request 0x48c90963c9ac1ccafaac2b15d016902a506a5b0456e73adb4aa6e70f8355a7ac due to: Invalid delegation: Invalid canister signature: IcCanisterSignature signature could not be verified: public key 0a00000000000000000101065f97fea6ef5a9bb2ddcdd475ca985ab4a153c1fe14d973abb2f9a4deec9878, signature d9d9f7a26b63657274696669636174655901b1d9d9f7a2647472656583018301830183024863616e69737465728301830183024a000000000000000001018301830183024e6365727469666965645f6461746182035820a574168ec991679049e2ef6e81008209cc365aa5bb4360e448666f6d2fe0ee16820458203a8b0e194b9ebcd1eb6f8b5b939869c1339daf0ef9ceb9e9722b541118c7b43782045820218af40ee97fc696b9ba8fddd8bc6f3d3820919acf251be39cec2743e8a7f53482045820abb2b2359bddec1af27318a8a38cfdbca2c0034c978cf40d7cce11169737324c82045820a5915cccd531745ad7e67a454a1afa00a667d2b108c7baea6909a1a95de171bc820458204dd8d43900e14d58d196039d97ba217ae4ec077e195ec5eb6cbbaaf71bbbc17282045820abb31c9190bd8d3d1a406a03857c487eb7b713f8a7596c78b26740792292413b830182045820368b957f74accc2da22769f5c77e90cb17b6d759f29c77f9713bf2e601aef95883024474696d658203498f9fc78e9aecacdd16697369676e61747572655830af69adeddde74c3fb84c803e5742131853bd832b71f0cd85414a2990bb606f41678e986b6bc00764d4f047f90628fe9b6474726565830182045820e7890b1cc507f21711785a45163bc31e2367ba8008da10d4ce4cf1a0309d015b8302437369678301820458202f5e73feaeb136ef7189e8157f73c8a943e68c3873361df89684a6638df3cc948302582045296a80b8ddc7a791a5f882fc8bffc80e4a26cf0105f2de220dab73dae1b03183025820bf8a7c847f23b22184c8d9cf15bd832c910bd980dc318f61e4d5364c9834f3a2820340, error: certificate verification failed: failed to verify threshold signature: root_hash=CryptoHash(0x0aab5557b74c3149697bdf19b7ede1365bd168d6787536aeb99aaf692e22a16d), sig=Blob{48 bytes;af69adeddde74c3fb84c803e5742131853bd832b71f0cd85414a2990bb606f41678e986b6bc00764d4f047f90628fe9b}, pk=ThresholdSigPublicKey { internal: ThresBls12_381(0xab23f6d34b16f5c1141f8964bf023f69e04a66085526c7a0e269b54d20e65e07e61009c6ed9bb23eddb334b5156eba0500f782af5464329082b3fccd7048d01a8d59f9ea49956220cc7da28318a839194fd9d40d92fcd13efd970ed52d845051) }, error=ThresBls12_381 signature could not be verified: public key ab23f6d34b16f5c1141f8964bf023f69e04a66085526c7a0e269b54d20e65e07e61009c6ed9bb23eddb334b5156eba0500f782af5464329082b3fccd7048d01a8d59f9ea49956220cc7da28318a839194fd9d40d92fcd13efd970ed52d845051, signature af69adeddde74c3fb84c803e5742131853bd832b71f0cd85414a2990bb606f41678e986b6bc00764d4f047f90628fe9b, error: Invalid combined threshold signature
1 Like

Did this get answered somewhere else?

Or is this only an issue occurring locally??

ah →

Yeah, you did discover the issue, and the error does an okay job at explaining what’s happening. Signatures from canisters on the mainnet cannot be used locally, or vise versa. This is what the JS Agent is doing when you call fetchRootKey for local replicas - the root key of the network is needed to verify signatures.

Here are the docs from the II repo - GitHub - dfinity/internet-identity: Internet Identity, a blockchain authentication system for the Internet Computer

1 Like