Differentiation between the methods of obtaining the userPrincipal calling the function

Severin · December 7, 2022, 7:29am

Yes, that’s right. Otherwise someone could modify the frontend to impersonate anybody.

Here’s an example how we use both approaches in the same code base:

Use ic_cdk::api::caller() to get the real caller (e.g. here)
Pass it into a function (that’s fn my_func(caller: Principal), e.g. here) so that testing becomes easier. Tests are here, but none use different callers right now I think.

Topic		Replies	Views
Using Canister principal when making intra-canister calls Rust internet-identity	8	426	December 1, 2023
Grab calling principal in local environment Developers	6	713	June 16, 2022
Feature Request: Mechanism to figure out if a call to a canister comes from canisters belonging to the same project Developers	8	722	March 24, 2023
I want a function on a canister to be callable only by another canister on the IC, and not by an API call or any other canister Developers	7	486	February 22, 2022
How to make inter-canister calls where ic_cdk::caller() is the caller? Rust	3	38	October 21, 2024