For auth:

Most older apps use:

but some newer apps (like Juno) use:


  • What is the difference between both?
  • Which one should be used for new apps?
  • Why isn’t everyone using the same?
  • And most of all: why doesn’t my browser stay authenticated between those two? it doesn’t seem tremember the identity between both (which is not a big issue) but it doesn’t even recognize the device as a login key.

The result of all this is that currently I have loads of keys: - desktop - mobile - desktop - mobile

is this how everyone else is managing this?

1 Like

See this thread: Internet identity created in new website not working

Internet Identity relies on the WebAuthn standards, which means your biometrics/usb keys are scoped to a single domain by the webbrowser. In above thread are steps to manually transfer them to the other domain.

There isn’t much that can be done about this, it’s a browser design limitation, it adds a lot of security scoping WebAuthn but also adds this complexity when a service like Internet Identity decides to be also available on another domain.

Additionally they can’t deprecate the old domain since it’s needed for legacy services and accounts that are created with the old domain.

Always make a recovery pass phrase backup, so you can get back in, no matter which domain Internet Identity uses. Don’t solely rely on a recovery usb, this doesn’t work on other domain names and is thus useless when a domain is no longer available for some reason.


I was going to purchase a yubikey this week but this changes things, it wont be as useful as I thought xD

Thanks @sea-snake, appreciate it :pray:

1 Like

actually: what does this mean for devs? should I use the new domain or the older one for building? is it really a “newer” domain? because otherwise it seems better to use the, since that is what most apps are using?

I would use the newer domain and show an option for the older domain for users that are on the older domain and haven’t added their account to the new domain. Juno for example implements Internet Identity like this.

I would actually use the older domain

Long story short, when I started Juno, we discussed with the community whether we should use or as the main login domain for II because everything indicated a future migration of the domain. For instance, see “ flagged by anti-spam” or “follow up”. In the first blog post, there was also even, at that time, a mention of the explanation of the migration to as described by @sea-snake, which was later edited, if I remember correctly.

Consequently, we opted for to spare new users the possible hassle of a migration. However, it appears that this migration has not occurred, and despite multiple requests, I never received an official statement from the foundation about their vision for this particular question. So, right now, I tend to actually think nothing will happen soon, and the vast majority of dapps and users will continue to use


Thank you, that makes a lot of sense.

Dfinity team, if you see this: My dApp goes live in December. Any chance for a statement before that?

The goal is never to take down or Arguably, has a greater risk of being taken down or restricted because of the amount of canisters already grandfathered in to that domain, but it is safer now that new canister UI’s are only available on

The discussion and incertitude is/was more about which one will be the main domain in the future has it impacts greatly the UX. For sure I hope both will remains, particularly the second, however, mentioning that is now less susceptible to being taken down is an excellent point.

All I know is that no one has asked me to update the default idpProvider in @dfinity/auth-client, so the de facto answer until then is


ok, I’ll use

Thank you @kpeacock, @peterparker & @sea-snake! <3