How do you make a principal not anonymous?

princess_eth · January 3, 2024, 7:33am

I see the following code quite often in examples:

fn caller() -> Principal {
    let caller = ic_cdk::caller();
    if caller == Principal::anonymous() {
        panic!("Anonymous principal not allowed to make calls.")
    }
    caller
}

How do you make sure a Principal is not anonymous? How would you execute this using II?

h1teshtr1path1 · January 5, 2024, 6:43pm

This is written to prevent the case when someone uses candid ui to call endpoints.
As whenever an endpoint of a canister is called a caller principal is associated with that, but in candid ui case the caller principal is a specific anonymous principal.
To prevent this condition you have to authenticate yourself using either Internet Identity or any other IC wallet.

kpeacock · January 5, 2024, 8:22pm

I made a quick video answer! Here’s the transcript:

user princess_eth asks, “how do you make sure a Principal is not anonymous? How do you execute this using II?”

Great question, let’s take a look!

When you’re interacting with the Internet Computer, by default all of your calls will be anonymous. However, we can attach a cryptographic identity (consisting of a public and private key pair) to our agent, and that will allow us to sign our messages.

Now, if you want to use Internet Identity, you’ll want to use the (@dfinity/auth-client npm package), which will allow you to log in with Internet Identity and get back a “delegation identity” upon success, which you can then use in your HttpAgent as well!

Hope this helps!

And here’s the video: https://youtube.com/shorts/_AKZwwG6Z_k?feature=share

princess_eth · January 5, 2024, 10:40pm

This helps so much! Thank you, appreciate the short. Your team should create more shorts - they are quick and easy to understand.

@h1teshtr1path1, your explanation also makes a lot of sense. I assume it is a security feature as you don’t want non-owner principals to make certain calls.

princess_eth · January 16, 2024, 6:57am

What is the best way to automatically load your Internet Identity without needing to sign in?

I see that in this documentation on the npm site you can use Secp256k1KeyIdentity to load up a passkey from Internet Identity. However, it is considered risky. Is there a better way? Is there a way to use ECDSAKeyIdentity?

My use case is that I have an application that I want users to call HTTPS Outcalls using my principal. I do not want them to sign in with II and use their cycles to complete an action related to HTTPS Outcalls.

kpeacock · January 16, 2024, 4:47pm

You cannot recreate a Principal from Internet Identity using the seed phrase. It only can be accessed through a login flow.

You can persist the delegation and store it as a string, which the AuthClient does for you by default. The default expiration of 8 hours, but you can extend that out to a week with the maxTimeToLive setting in login.

Topic		Replies	Views
Enable Candid UI to be provided with a identity secret so that it can be used the same way `dfx canister call` is used Command Line Tools	5	916	September 15, 2022
Can you simply secure private data? Developers rust	10	360	March 25, 2024
Calling functions with the wallet vs. the identity principal Command Line Tools	3	726	May 26, 2021
Validation of II delegation Developers	4	512	February 4, 2022
How to integrate identity? Developers	2	853	June 3, 2021

How do you make a principal not anonymous?

Related Topics