I am trying to integrate Internet Identity into a web2 application as a further possible login method. If I go through the public examples, the principal ID is always given back to identify the caller.
In my use case I want to let the user log in with his/her II and, after they have logged in, redirect them to their own data stored on the server. So I have to sync the user with some data on the server.
What is the best way to achieve this?
Can I store the principal ID for that user to merge his server-side data, or is there another ID which I can use? Some time ago I read about an ID which should be unique for that user and that particular application.
Is your app open source or did you share your solution in a post?
A friend of mine who develops Ghostfolio, an open source web2-based portfolio management app, would be interested in giving II integration a shot in his app, which is developed with Angular.
That was super useful @rbole, my friend has now implemented II in his web2 open source wealth management software Ghostfolio (repo). Thanks for the tips.
Just adding a note about security to this solution: as far as I understand, this works fine, but for proper security it would need a module that checks in the backend that the delegation has not been phished.
The solution relies on the fact that the delegation provided by the client side to the backend to init the session is correct and is owned by the user who provides it, but nothing prevents a third-party malware from having potentially hijacked the delegation on the client side. Such a security check exists out of the box with agent-js/canisters but not with a custom web2 backend, at least until someone develops a library for that purpose.
So, again, this is only my understanding, and maybe I am missing something, but since my above posts I've been made aware that such a potential threat exists.