Hello ICP community,
I’m in the process of integrating Internet Identity with several applications. One of these applications is based on the Web2 paradigm and I need to ensure that they share the same principal ID. This is critical for a seamless user experience across both the Web2 and Web3 parts of our ecosystem.
However, there are challenges:
- Canister deployment and upgrades: Continuous deployment and upgrading of canisters on the mainnet isn’t feasible for intensive development phases, especially given the rapid iterations we are going through.
- Signature verification with local replica: I have found that the production version of Internet Identity cannot be used with a local replica due to the inability to verify the signature.
derivationOrigin
constraints: I’m aware from the II specification that thederivationOrigin
needs to match a specific regular expression^https:\/\/[\w-]+(\.raw)?\.(ic0\.app|icp0\.io)$
. This poses a challenge for local testing. How can I effectively test Internet Identity with alternative frontend origins locally under this constraint?
To address some of these challenges, I’ve taken several measures:
- Local server with domain: I’ve implemented a local server that adopts a specific domain structure using the
${principal}.icp0.io
pattern. This domain is configured locally via the/etc/hosts
file to map to127.0.0.1
, ensuring that requests to this domain are routed to the local server. - HTTPS protocol : To match the regular expression requirements of
derivationOrigin
and to simulate a production-like environment, the server operates on the HTTPS protocol using self-signed certificates. - Serving static files: The server is configured to serve static files from the
.well-known/ii-alternative-origins
path, which simulates the expected behavior of Internet Identity when it checks for alternative frontend origins.
While this has proven effective in local testing, I’d like to confirm:
- Is this a valid approach for local testing?
- Are there any recommended best practices, workarounds, or alternative methods to achieve this?
Thank you in advance!