Internet-identity Invalid delegation

Hey guys,

  1. I used dfx start to start internet-identity on the local port 8000 and created an account. The login was successful.
  2. Start my own project with dfx start on the local port 8001, and set the identityProvider:
      onSuccess: async () => {
        const identity = await authClient.getIdentity();
        const agentOptions = {
          host: "http://localhost:8001",
        var counter=setActor(agentOptions);
        const response = await counter.getUser(0);
      },identityProvider: "http://localhost:8888?canisterId=rwlgt-iiaaa-aaaaa-aaaaa-cai"
  1. When I call authClient.login, I can log in successfully and get the identity, but when I call the getUser function in canister, it will prompt me a 403 error.
    Code: 403 (Forbidden)
    Body: Failed to authenticate request

Is there any solution? thank.

What is the implementation of the method getUser?
Try to initialize actor something like as

// dfx version 0.7.2
import { Actor, HttpAgent, HttpAgentOptions } from '@dfinity/agent';
import { idlFactory as counter_idl, canisterId as counter_id } from 'ic:counter'; // counter canister frontend alias


const agentOptions = {
          host: "http://localhost:8001",
          identity: await authClient.getIdentity(),
const agent = new HttpAgent(agentOptions);
const counter = Actor.createActor(counter_idl, { agent, canisterId: counter_id });

const response = await counter.getUser(0);

For LOCAL DEVELOPMENT ONLY your app doesn’t have access to the IC root key, so after creating your agent (in your setActor function) you’ll need to call

await agent.fetchRootKey()

before creating the actor.

It’s important that you DO NOT do this in your production deployment, or you’ll open your users up to possible Man in the Middle attacks.


I added await agent.fetchRootKey() to setActor
But still report the same error

export async function setActor(agentOptions) {
  const agent = new HttpAgent(agentOptions)
  await agent.fetchRootKey();
  const counter = Actor.createActor(counter_idl, {
    canisterId: counter_id,
  return counter;

Are you running both Internet Identity and your project on the same replica instance? So just run dfx start once from your project directory, then deploy both your project and the II project to that.

1 Like

You are right, I started dfx twice, thank you very much. :grinning_face_with_smiling_eyes:

1 Like