Internet Identity is great.
It is secure, it is easy to integrate into an app and it actually provides solid UX, considering the amount of headache it solves. But in order to achieve all these traits, the II team had to sacrifice something - ease of Open Services integration.
I’m bringing this term “Open Service” here on purpose. I love this vision of global connected “internet of dapps” and I believe in it. And since Dfinity is the origin of this vision (at least of its modern reincarnation), I think, everything Dfinity does should help this vision to spread and mature.
Imagine the following use-case:
I want to implement a “feed aggregator” service, that will let its users to connect different social media dapps (imagine there are some) and see all their feed in one place. All dapps use II for authentication.
What do I need to solve?
- I need to learn how to use all the APIs provided by different social media dapps. But this is fine - this is actually the only “business” task I have. No problem.
- I need to somehow force my users to tell me their principals they use to interact with these social media dapps. This is a problem. There is no pattern for this right now. There is no II functionality for this either.
In order to solve this task I could provide a user with a form where they can enter their principal at the target dapp. But this will require the user to open a separate browser window with the dapp, login with II and then copy/paste the principal into the form.
- can be done right now;
- secure - the user only tells me the principal so I’m only able to fetch public data.
- poor UX;
- the user can manipulate input data.
I could also try to “be my own II” and force the user to authenticate themselves via their secure device, supplying target dapps hostname to the II’s backend. This would not only provide me with the right principal, but also with the authenticated session keypair, which my frontend could use to not only read, but to also write something on behalf of the user. This is good, right? Wrong!
- can be done right now;
- okay UX;
- the user can’t manipulate input data.
- this is not secure at all, don’t recommend.
So, it seems like we’re out of luck trying to use current II’s implementation to solve this issue.
But it would be nice and very convenient, if the II could do it for us. Imagine this workflow:
- The user opens the aggregator’s webpage.
- The user clicks “Login with II” button.
- The II window opens.
- On this window the user sees the usual “touch your security device” dialog.
- Once this done, the II window doesn’t redirect the user back to the app, but instead shows them an additional window
This application asks you to reveal your identity on the following applications: https://social-media1.ic.app  https://social-media2.ic.app  ... Would you like to do that? Select apps you would like to reveal your identity of.
- The user checks some hostnames.
https://social-media1.ic.app [x] https://social-media2.ic.app 
- The user clicks “Reveal” button.
- The user is redirected back to the aggregator app, but now they have not only the certified identity data (subnet signature and the delegation), but also the certified principal mapping data for selected services, which I, as a developer, can supply into my canisters and use on a frontend side:
data: https://social-media1.ic.app -> aaaa-aaa-aaaa-aaaa-aaaa signature: <blob>
- Problem solved.
- good UX;
- the user can’t manipulate input;
- can’t be done right now.
This solution is the desired one (at least from my current perspective), since it finally enables us to build complex interconnected services.
It is a bridge building factory in the world of islands.
This way we’re basically implementing “bad solution 1”, but inside the II. The app that asks for a reveal has access to principals only. The user has full control over this process. The list of hostnames to reveal could be provided by the requesting dapp developer (e.g. manually passed to AuthClient js object).
Is it possible to implement something like the “Good solution” I’ve described within the II?
How can I help to speed it up?