Issue with the public-private key pair storage strategy

Hello community!

Today I worked on the “Save identity information for the incognito profile” part of the “Making simple inter-canister calls” Developer Center tutorial.

A step consists to play with the dfinity-ic-user-identity key stored in the local storage of the browser.

Unfortunately, as mentioned in the highlights of what’s new in 0.6.1:

An update to the user authentication method enables dfx to use the browser’s localStorage for the user’s public and private keys if cookies are not enabled.

So, I tried to disable cookies in my browser in order to let dfx behaves the same as in the tutorial.

Here we are, I tried this approach in Firefox, Google Chrome, and Microsoft Edge with these outcomes:

  • Firefox:
    – cookies enabled: dfinity-ic-user-identity stored in "Cookies"
    – cookies disabled:

An error happened:

e.exports<[4]

  • Google Chrome and Microsoft Edge:
    – cookies enabled: dfinity-ic-user-identity stored in “IndexedDB” > “localforage - http://localhost:8000” > “keyvaluepairs
    – cookies disabled:

An error happened:
Error: No available storage method found.
at r (http://localhost:8000/bootstrap.js:2:225481)
at async h.getKeyPair (http://localhost:8000/bootstrap.js:2:195986)
at async Object.t.createAgent (http://localhost:8000/bootstrap.js:2:227669)
at async _main (http://localhost:8000/bootstrap.js:2:236758)

Did someone faced the same issue while doing the tutorial?

2 Likes

Just in case, I think you need to know that the project in question is a clone of LinkedUp.

As explained here, I retrieved the clone directly from the GitHub webpage.

Moreover, I fixed each vulnerability listed in the output of the npm audit command.

Finally, I changed the dfx version in the dfx.json file from “0.6.2” to “0.6.4”.

Thank you for your time and commitment as always. :slight_smile:

2 Likes

Hey Atom, thanks for checking out the tutorial!

I was able to reproduce the example in Chrome. It looks like Chrome is throwing the following errors:

  • DOMException: The user denied permission to access the database.
  • DOMException: Failed to read the 'localStorage' property from 'Window': Access is denied for this document

That leads me to think that none of the methods that we would use to store the key pairs are accessible if the browser’s cookies are disabled. I found this StackOverflow post describing what is probably happening:

For now, the behaviour is browser-dependent. Disabling cookies on each of these browsers disable the following:

  • Chrome : cookies, localStorage, sessionStorage, IndexedDB
  • Firefox : cookies, localStorage, sessionStorage
  • IE : cookies only

Given that, I suspect that our front-end will not work without cookies enabled.

4 Likes

Hi Andrew, thank you for replying to my post! :slight_smile:

It’s good to know about how browsers manage their cookies disabling policy.

So, as I understand the situation, that means that I cannot play with the public-private key pair as they do in the tutorial. Am I right?

If that so, I guess it would be better to remove this part from the tutorial eventually.

1 Like