Hi There,
I am building a dapp that currently allows login via all of the Native ICP wallets. Internet Identity, plug etc. But some of my users don’t have these wallets and often don’t desire to set them up.
I was wondering is anyone has built/knows of a nice simple way for enabling user to sign in via email/Google etc and provide that user with a principal id that can hold IC tokens?
Any help/suggestions on this would be greatly appreciated
Thanks in advance
Most straightforward approach would be adding support for NFID Wallet, this already supports email and google login. Adding support for NFID (and also other wallets) should be straightforward with https://www.identitykit.xyz/ which follow the ICRC-25 standard and its extensions.
This is also mentioned here Email & password | Internet Computer
Keep in mind that by adding support for email/google/etc directly within your dapp instead of through a wallet like NFID. You’d be likely required to implement wallet functionality in your dapp or require a user to connect a wallet for certain (token) features to be available.
Thanks but we already support NFID. We want to login with gmail/ email directly so i suppose we will need to be able to provide some wallet features yes. Is there any example dapps that do this with open source code or additional documentation on how to do this?
So regarding the wallet features, I’d split authentication and wallets into two separate things in the dapp. Then users can authenticate with their preferred method and connect (additional) wallets when needed for e.g. token specific features in the dapp.
As for login you’ve mentioned, there’s two types you’ve mentioned Google and email.
Regarding Google authentication, you could implement an OpenID flow as mentioned here How to generate delegated identity on server and send to browser - #8 by frederikrothenberger. Further down this thread you’ll also find a proof of concept implementation of such flow.
The email authentication is a bit more complicated, since your canister would need to send emails through http outcalls to e.g. an email api service e.g. SendGrid. Then emails would be used for either passwords (and password resets) and/or magic link login.
Keep the security aspect in mind while designing such flows, http calls and canister state are technically public so avoid storing and sending secrets.
Overall, I’d probably recommend skipping authentication by email/password and recommend passkeys instead. Your browser even synces them across devices for the user these days. The WebAuthnIdentity in the agent-js already offers this.
Keep in mind you might still want to implement an account recovery flow by e.g. seed phrase (like II does) or further investigate such flow by email.
Is there anyway of doing a login with google and email like this but its powered by NFID? almost like an NFID iFrame/API. NFID does seem like a good option but I don’t want users to have to leave the site and go to the NFID site.
Thanks again
Also can we collect email addresses from NFID
I agree with @sea-snake - building wallet functionality rather than hyper-focus on making incredible apps forces users to trust you with tokens as well as the service, which many will not do. Plus the barrier is already low with NFID Wallet, which takes wallet creation from 10 minutes down to 10 seconds.
IdentityKit has a “featured mode” that you could leverage to suggest users create a wallet with email. Have you considered this approach, at least for the time being?
Check this out in the demo.
