Multi-Tenant Identity With Internet Identity? (CheddaBoards Use Case)

Hi all,

I’m building CheddaBoards, a lightweight open-source backend for indie games (leaderboards, achievements, profiles, OAuth, Godot/JS SDKs). It’s live on mainnet and powering my demo game but I’m still cleaning up the GitHub/docs this week, so posting now to clarify one core architectural question before finalizing the SDK.

The Problem

I need one unified player identity across multiple indie games, all hosted on different domains.

But Internet Identity generates a different principal per origin, which breaks cross-game identity in a multi-tenant setup.

The Question

What is the recommended way to use Internet Identity for a multi-domain platform where third-party games need a shared player identity?

Is the correct pattern:

1. A single unified origin (e.g., auth.cheddaboards.com)

2. Some form of domain delegation / alternative origins

3. A different recommended flow for multi-tenant apps

Any guidance or examples would help before I lock this into the SDK.

Context (Very Short)

Mainnet canister: fdvph-sqaaa-aaaap-qqc4a-cai

Demo game: https://ormgv-zyaaa-aaaap-qp2nq-cai.icp0.io

GitHub/docs: uploading this week

Thanks for any advice!

Steve (CheddaTech)


Hi, I have no idea what the best way to do this is, but I think this is a great discussion because it is a much-needed feature outside of your use case.

If I were going to do it, I imagine the only way is to have the user “whitelist” their list of principals to their main cheddaboards domain principal in your backend. This of course would be abstracted through some “connect” button you would provide as an API to all the apps using your service. Again, I never actually implemented anything like this, but that’s where I would start.

Good Luck!

Thanks! Yeah, that whitelist/connect approach does make sense - essentially having users authorize the link between their principals.

I was hoping there might be a more seamless pattern, but you’re probably right that an explicit consent flow is just the reality of how II works across different domains.

If anyone else has tackled cross-app identity on ICP or has examples of how they approached it, I’d love to hear them.
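A sketch of the whitelist/connect approach discussed in the replies above, added here as an example and not taken from CheddaBoards or from any poster's code. It is an in-memory JavaScript model of the backend logic; `LinkRegistry`, `startLink`, `confirmLink` and `resolve` are hypothetical names, and the one-time code with expiry is an assumed way to make both principals consent to the link.

```javascript
// Added example: models the backend state only. Principals are plain strings here;
// in a canister they must come from the authenticated caller of each call,
// never from a client-supplied argument.
function defaultCode() {
  const b = new Uint8Array(16); // 128-bit random, unguessable link code
  globalThis.crypto.getRandomValues(b);
  return Array.from(b, (x) => x.toString(16).padStart(2, "0")).join("");
}

class LinkRegistry {
  constructor({ now = () => Date.now(), randomCode = defaultCode, ttlMs = 5 * 60_000 } = {}) {
    this.now = now;
    this.randomCode = randomCode;
    this.ttlMs = ttlMs;
    this.pending = new Map(); // code -> { main, expires }
    this.links = new Map();   // per-game principal -> main principal
  }

  // Step 1: called while logged in on the main domain ("connect" clicked).
  startLink(mainCaller) {
    const code = this.randomCode();
    this.pending.set(code, { main: mainCaller, expires: this.now() + this.ttlMs });
    return code;
  }

  // Step 2: called from inside the game, as the per-origin principal.
  // Holding the code proves the main principal consented; being the caller
  // proves control of the game principal.
  confirmLink(gameCaller, code) {
    const p = this.pending.get(code);
    this.pending.delete(code); // single use, even when the attempt fails
    if (!p) return { ok: false, err: "unknown-code" };
    if (this.now() > p.expires) return { ok: false, err: "expired" };
    const existing = this.links.get(gameCaller);
    if (existing !== undefined && existing !== p.main) {
      return { ok: false, err: "already-linked" }; // no silent re-parenting
    }
    this.links.set(gameCaller, p.main);
    return { ok: true, main: p.main };
  }

  // Leaderboard writes key on the resolved identity, not the raw caller.
  resolve(caller) {
    return this.links.get(caller) ?? caller;
  }
}
```

The "already-linked" refusal means moving a game principal to a different main identity needs its own explicit unlink step rather than happening as a side effect of a new code.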