Issue with the public-private key pair storage strategy

Hello community!

Today I worked on the “Save identity information for the incognito profile” part of the “Making simple inter-canister calls” Developer Center tutorial.

A step consists to play with the dfinity-ic-user-identity key stored in the local storage of the browser.

Unfortunately, as mentioned in the highlights of what’s new in 0.6.1:

An update to the user authentication method enables dfx to use the browser’s localStorage for the user’s public and private keys if cookies are not enabled.

So, I tried to disable cookies in my browser in order to let dfx behaves the same as in the tutorial.

Here we are, I tried this approach in Firefox, Google Chrome, and Microsoft Edge with these outcomes:

• Firefox:
  – cookies enabled: dfinity-ic-user-identity stored in “Cookies”
  – cookies disabled:

An error happened:

e.exports<[4]

• Google Chrome and Microsoft Edge:
  – cookies enabled: dfinity-ic-user-identity stored in “IndexedDB” > “localforage - http://localhost:8000” > “keyvaluepairs”
  – cookies disabled:

An error happened:
Error: No available storage method found.
at r (http://localhost:8000/bootstrap.js:2:225481)
at async h.getKeyPair (http://localhost:8000/bootstrap.js:2:195986)
at async Object.t.createAgent (http://localhost:8000/bootstrap.js:2:227669)
at async _main (http://localhost:8000/bootstrap.js:2:236758)

Did someone faced the same issue while doing the tutorial?

Just in case, I think you need to know that the project in question is a clone of LinkedUp.

As explained here, I retrieved the clone directly from the GitHub webpage.

Moreover, I fixed each vulnerability listed in the output of the npm audit command.

Finally, I changed the dfx version in the dfx.json file from “0.6.2” to “0.6.4”.

Thank you for your time and commitment as always.

Hey Atom, thanks for checking out the tutorial!

I was able to reproduce the example in Chrome. It looks like Chrome is throwing the following errors:

• DOMException: The user denied permission to access the database.
• DOMException: Failed to read the 'localStorage' property from 'Window': Access is denied for this document

That leads me to think that none of the methods that we would use to store the key pairs are accessible if the browser’s cookies are disabled. I found this StackOverflow post describing what is probably happening:

For now, the behaviour is browser-dependent. Disabling cookies on each of these browsers disable the following:

• Chrome : cookies, localStorage, sessionStorage, IndexedDB
• Firefox : cookies, localStorage, sessionStorage
• IE : cookies only

Given that, I suspect that our front-end will not work without cookies enabled.

Hi Andrew, thank you for replying to my post!

It’s good to know about how browsers manage their cookies disabling policy.

So, as I understand the situation, that means that I cannot play with the public-private key pair as they do in the tutorial. Am I right?

If that so, I guess it would be better to remove this part from the tutorial eventually.

This problem with the tutorial still exists 7 months later. It might be a good idea to just remove this section:

As it only causes confusion for those going through the tutorials.

Good catch Dylan, maybe @lsgunn can sort this out?

Going off topic here, but since we’re talking about fixing the “Make inter-canister calls” (LinkedUp) tutorial, this part is also broken:

git clone git@github.com:dfinity-lab/linkedup.git

Should be:

git clone git@github.com:dfinity/linkedup.git

Thanks for the ping about the identity storage/cookies issue. I missed the post that described the issue in the Inter-canister calls tutorial. It worked at one point in time (honest!). Sorry that was broken for you. I’ve removed that section for the next deployment of the documentation.

And thanks for catching that the path to the linkedup repo was also out of date. There’s a lot to keep track of, so I really do appreciate the community’s help!