How should the II be used for payments?

I’ve mainly been using plug as it felt like the more intuitive choice to conduct payments…

With the II is my app just allowed to trigger transfers on the ledger on behalf of the user? What exactly prevents abuse?


With Internet Identity, you have a unique principal per app. This means also, that the app can only initiate transfers from a ledger account belonging to this app-specific principal.

Thank you. Ok yeah, true the user can only ever lose what they have trusted the app with.

But for that amount the user is just trusting the app, correct? The app could just transfer all the funds away randomly when the user has signed in. So does that mean there is room for additional protection?
Plug basically uses the same principal but has an external UI that the user can trust beyond the specific app, is that the core difference?

It also means that a dev has to implement a basic wallet UI to show the ledger balance etc. to the user in the app (which is simple but still…). It also means the user has to first fund an account related to the app-specific principal.

Will there be things like blackholed wallet canisters or so?

I think all those things are still being figured out. You might want to check out wallets like NFID and AstroX Me which are built on top of Internet Identity.

There’s also related work in the Identity & Auth WG. See: Transaction approval for proxying calls to other canisters · Issue #15 · dfinity/wg-identity-authentication · GitHub

You could also divide between authentication and payment, i.e. you could log in e.g. with Internet Identity, and then when you need to pay you get a standardized unique invoice that you can pay with all kinds of wallets.