Is there any way to check whether two principals (on different frontends) belong to the same user?
Yes. Chain analysis.
What is chain analysis? Is it a heuristic?
Is there a simpler way?
Money flow would show you.
Most of the time you can find a person's individual CEX deposit account and find multiple addresses sending funds to it.
You need a record to keep track of what someone owns one way or another. What are you trying to do?
I am working on a package manager that creates an app from several canisters.
After creating a backend and a frontend canister, I need to allow the user to set his principal as the owner of the canister. To prevent another, unrelated user from doing it, I invented the following solution:
In the frontend, I generate a key pair. The public key is stored in the package manager. The private key is given to the created frontend in the URL string. Then the backend can use it to check that it is the valid user (the same one who created the canisters) by generating a signature of the user’s principal in the frontend and verifying it in the backend.
Couldn’t you just gate it to the original user? Kinda like access list gating.
I can’t, because the principal of the user who uses the recently created canister is unknown before an actual user logs in.
Thus I invented passing a private key generated in the frontend through the URL string. This way, using an ECDSA signature, I can ensure that the user is the same (unless he hacks his own canister, which isn’t a security risk), because only the same user can have the same private key (again, unless the user hacks his own workflow).
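The ownership check described in the post above, as an added example (not code from the thread or from any ICP library). Node.js's built-in crypto stands in for both the browser and the canister; the function names, the canister-id binding and the one-time claim rule are assumptions.

```javascript
// Added illustration; every name here is hypothetical, not from the thread.
const nodeCrypto = require('node:crypto');

// Package-manager frontend: one ECDSA P-256 key pair per installation.
// The public key goes to the package manager; the private key stays client-side.
function newInstallKeys() {
  return nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Message that gets signed. Including the canister id (an assumption) makes a
// signature for one canister useless against another.
function claimMessage(canisterId, principal) {
  return Buffer.from(`${canisterId}\n${principal}`);
}

// Created frontend: sign the principal the user received after logging in there.
function signClaim(privateKey, canisterId, principal) {
  return nodeCrypto.sign('sha256', claimMessage(canisterId, principal), privateKey);
}

// Package-manager backend state: canisterId -> { publicKey, owner }.
function registerInstall(registry, canisterId, publicKey) {
  registry.set(canisterId, { publicKey, owner: null });
}

// `caller` models the authenticated caller principal seen by the backend,
// not a value taken from the request body.
function claimOwner(registry, canisterId, caller, signature) {
  const entry = registry.get(canisterId);
  if (!entry) return 'unknown canister';
  if (entry.owner !== null) return 'already claimed'; // one-time claim (assumption)
  const ok = nodeCrypto.verify(
    'sha256', claimMessage(canisterId, caller), entry.publicKey, signature);
  if (!ok) return 'bad signature';
  entry.owner = caller;
  return 'ok';
}
```

Because the signature covers the caller's own principal, a captured signature does not let a different principal claim the canister.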
Why not just verify the user via public key in the canister?
So it looks like you're tryna make a super dapp? And you want to create canisters instead of using canisters for users? And then set the user's principal for each of these canisters they create?
If you need the principal I think you would just authenticate first to prove ownership.
If the user is unknown, but it should be known if the canister was created… I don't follow.
Authenticate the user before creating the canister… like a controlling canister that handles the creation.
It is what I do: I verify the user using the pubkey stored in the package manager’s canister. To verify him, I need a privkey. I generate and pass the privkey in the frontend.
I can’t because the user has a different principal in the “controlling canister” and in the created canister.
No, it defeats the purpose of the keypair, sending the private key by wire.
Sign a message on the user end with the private... send the message to the canister that knows the public
I don’t “send the private key by wire”. The privkey remains in browser only.
Sign a message on the user end with the private... send the message to the canister that knows the public
It's already what I do.
Have you found this thread using Google? It is a forum about ICP, not about Linux or Windows.