How can I see my principal ID from the Internet Identity of each Dapp?

How can I see my principal ID which is generated by the Internet Identity of each Dapp?
Before the UX version upgrade of Internet Identity, we could see the Principal ID on a screen of Internet Identity.
But now, I can’t do that so please give me some advice.

I think only the NNS got a UI upgrade. Do you mean that?

If so, your principal is shown under the “Canisters” tab.

I’m not aware of a central place in Internet Identity that will show you all of the apps you’ve authenticated with and the principals for each.

@nmattia might be able to speak to if either of these are technically possible. There might be privacy concerns or other design decisions that mean it doesn’t/can’t work that way.

@dostro is building https://nfid.one so probably has some thoughts on this too :slightly_smiling_face:

2 Likes

Thanks for replying. Before the recent UX upgrade of Internet Identity, the user principal ID appeared in II screen for each dapp. But now, this screen is removed.

Sorry, I can’t understand where it is. Could you tell me more, please?

I was referring to the “Canisters” tab within the NNS. I thought you might have been referring to that since I couldn’t see any changes to https://identity.ic0.app

I see what you mean now though.

Tagging @frederikrothenberger for visibility on this feedback.

2 Likes

Hi @0xyu5
We removed this information in order to save an additional step when logging in (because it can only be shown after authentication). So currently, it’s no longer visible. We plan on adding the functionality back at some point as a feature in the management view.

Just out of curiosity: why are you interested in this information (since it’s rather technical)?

Best regards
Frederik

2 Likes

@0xyu5 you’ll be able to see a list of all your principals across all the applications you’ve signed in to from inside your NFID profile. We only have the list of applications right now but can easily add what you need this summer, let me know what that is and we’ll submit a design proposal for your review :slight_smile:

3 Likes

@dostro
Sorry for the delay in replying.

I tried using NFID and thought it is good for user friendly.
I thought it would be good if application name have been displayed in addition to principal.
I was surprised that we will able to login NFID with Google account.
I am looking for your future development!

Thanks.

1 Like

@frederikrothenberger
Sorry for the late reply. It took me a long time to understand as much as I could and then reply.

I think it is a good decision as I think the UX improvements of II are what many users have been waiting for.

I was working with a Python agent to automate update calls of Dapps which be logged in with II.
Finally, I found ic_idenitity and ic_delegation in the browser’s local storage. I was able to automate the update call using them.

However, there is something I cannot understand, and I would appreciate it if you could answer my questions.

  1. session key and User Principal
    In the case of Dapps logged in with II, the payload is signed with the delegated session private key and verified with the session public key, right?
    In other words, is the public key (SHA224 of hostname, anchor, and salt) that serves as the principal ID called “key” for convenience? There is no corresponding private key, is there?

  2. How to sign a payload
    Why is it possible to invoke session private key from ic_idenitty and ic_delegation which is in local_storage?
    What I want to say is that I can’t see private session key in local_storage. How to invoke session private key?

  3. delegation chain
    It is not possible to understand what a delegation chain is. I don’t understand what is meant by the diagram on the right, i.e., chain. Could you please tell me what it means?
    *The text in the photo was written by myself. I am not sure if it is correct.

1 Like

Hi @0xyu5

Thanks for the feedback.

In the case of Dapps logged in with II, the payload is signed with the delegated session private key and verified with the session public key, right?

Yes, this is correct.

In other words, is the public key (SHA224 of hostname, anchor, and salt) that serves as the principal ID called “key” for convenience? There is no corresponding private key, is there?

The principal / key returned from II is a canister public key as specified here: Canister-signatures
There is no single corresponding private key, but rather a set of key shares, distributed among the nodes running the subnet where this particular canister is hosted. Together they can sign payloads that can be verified using a such a public key and the validation procedure described in the spec linked above.

What I want to say is that I can’t see private session key in local_storage. How to invoke session private key?

Well, it is.

ic-identity: ["302a300...367","21b2e...b367"]
^ key in local storage
                 ^ public key    ^ private key

Additionally, there should also be a value with the key ic-delegation. This is the delegation issued by II to authorize the use of the session key with your principal.

Delegations are explained in the following section of the spec: Authentication

3 Likes