Internet Identity used in web2 application

I try to integrate the Internet - Identity into a web2 application as a further possible login method. If I go through the public examples, the principal ID is always given back to identify the caller.

In my usecase I want to let the user log in with his/her II and after logged in I will redirect the user to his own data stored on the server. So I have to sync the user with some data on the server.

What is the best way to achieve this?

Can I store the principal ID for that user to merge his server side data or is there an other ID which I can use. Some times ago I read about an ID which should be uniq for that user and that particular application.

Thanks for any hints.

1 Like

I’d say your approach is absolutely correct. Internet Identity will provide the user with a unique principal for your domain.

The principal ID is the correct ID to use. :+1:

1 Like

Thank you, that was the info I was looking for.

Finally I was able to build an Angular application with II Authentication. The combination II and Angular Route Guard works also well together.

1 Like

Is your app open source or did you share your solution in a post?

A friend of mine who develop Ghostfolio - an open source web2 based portfolio management app - would be interested to give a shot to integrating II in his app developed with Angular.

my investigations are not yet finished but there is a Github repo I’m working on.

Feel free to check it out, feedback is always appreciated.

Cheers Roland


Nice! It’s probably exactly what my friend is looking for, I’ll forward the repo. Really cool, thanks :+1:

That was super useful @rbole, my friend has now implemented II in his web2 open source wealth management software Ghostfolio (repo). Thanks for the tips :+1:


Just adding a note about the security to this solution: as far as I understand, this works fine but actually for proper security, it would need a module that checks in the backend that the delegation has not been fished.

The solution relies on the fact that the delegation provided by the client side to the backend to init the session is correct and is owned by the user who provides it but, nothing prevent the fact that a third party malware could have potentially hijacked the delegation on the client side. Such security check exists out of the box with agent-js/canisters but not with a custom web2 backend, at least until someone develop a library for such purpose.

So, again, only my understanding, maybe I am missing something but since my above posts I’ve been made aware that such a potential threat exists.