Identify - Sign in with OAuth2

f0i · October 15, 2025, 3:56pm

Project highlights

Identify is an authentication provider for the Internet Computer that gives dapp developers more control over the login experience.
It allows apps to access verified user data from Web2 identity providers like username, email, and profile picture, enabling richer onboarding and personalized experiences.
Users can sign in with existing accounts including Google, GitHub, X, Auth0, Zitadel, LinkedIn, Discord, and others.
The project addresses the need for a secure, flexible, and decentralized authentication solution that goes beyond the constraints of Internet Identity 2.0.

Comparison with Internet Identity (II 2.0)

Identify is not necessarily a replacement for all projects using II 2.0.
II 2.0 already provides a very secure way to sign in users, and Identify also focuses on security while offering additional flexibility.

Key differences:

Supports more authentication providers out of the box.
Developers can choose between using a managed instance or fully self-deploying the canister.
Provides dapps with access to user data, allowing developers to link social accounts to user Principals for richer experiences.
Identify can be used alongside II 2.0 if a project wants to both use II for authentication and access additional verified user info from social login providers.

This makes Identify particularly useful for dapps that want additional control over the login experience and access to verified user data for enhanced onboarding.

Web3 advantages

Identify removes the dependency on centralized identity providers by running entirely on the Internet Computer.
Authentication, token verification, and delegation are performed on-chain, providing transparency, auditability, and trust-minimized integration.
Many apps that implement similar functionality today rely on custom backend solutions hosted on services like AWS, which introduces centralization and additional maintenance overhead.
Identify allows dApps to leverage Web2 identity providers in a decentralized environment while maintaining security guarantees from the IC.

Supported providers and flows

Identify groups providers into three categories:

OIDC with JWT in browser (most secure, same flow as II 2.0)
- Google, Auth0, Zitadel
PKCE with JWT with http-outcall
- Discord, LinkedIn
PKCE with user-info endpoint with http-outcalls
- GitHub, X

PKCE-based flows require some trust in the node performing HTTP outcalls.

How it’s built

Identify consists of one backend canister written in Motoko and one frontend canister written in TypeScript.
The backend pre-fetches OAuth2 keys (e.g., from Google) and performs JWT validation and delegation signing.
The frontend handles the user login flow, including opening the login UI, prompting the user to authenticate, and exchanging ID tokens with the backend.

Developers can integrate Identify into their dapps using IC authentication client libraries, such as @dfinity/auth-client, IdentityKit, or ic-use-internet-identity.
DApps can access user information such as username, email, and profile picture for richer experiences.
Identify also supports JSON-RPC ICRC standards like ICRC-25 (Signer Interaction), ICRC-27 (Accounts), ICRC-29 (Browser Post Message Transport), ICRC-34 (Delegation), and ICRC-49 (Call Canister).

GitHub repository: https://github.com/f0i/identify

Go-To-Market strategy

Identify is a finalist of the WCHL Hackathon.
We are reaching out to IC projects about potential integration.
Public instances are available for immediate use, with self-deployment options for full control.
Developer adoption is supported via detailed integration guides and demo apps.

Monetization

The project is not monetized. Development was supported by a developer grant from DFINITY.
The goal is to provide a reference implementation of an IC-native authentication provider, with potential monetization later via hosted instances or enterprise solutions.

Status of the project

The first official release is live.
It supports multiple OAuth2 and OIDC providers, implements key ICRC standards (25, 27, 29, 34, 49), and is fully tested.
GitHub release: https://github.com/f0i/identify/releases

Resources

GitHub: https://github.com/f0i/identify
Demo: https://www.youtube.com/watch?v=0SnN-TN4-B0
Apps using Identify: Bitcoin Gift Cards, Provider Test Page login.f0i.de, poi.f0i.de

Future Plans

Test additional providers to ensure reliable integration
Focus on gathering user feedback and improving developer experience
Assist projects with integrating Identify into their dApps

MacroStrategy · October 15, 2025, 11:30pm

This is amazing work

Excited to see projects use it!

Topic		Replies	Views
Integrating OpenID Providers into Internet Identity internet-identity	37	802	March 26, 2025
Internet Identity Roadmap Update, Jan 2023 internet-identity community-consideration	16	2640	February 10, 2023
Universal Identity server for other chain wallets Developers Discussing	17	184	April 26, 2025
Disable Google sign in II v2 internet-identity	4	123	October 20, 2025
Login with Google Developers Frontend	17	1392	June 11, 2024