Principal ID mismatch between domain and canister URL
When generating principal IDs, I notice that the same user can get two different principal IDs —
-
one when using the raw canister URL, and
-
another when accessing through the custom domain (via
icp0.ioor a verified domain).
Recently, one of my clients lost access to their domain, and now they can’t log into their wallet, even though the canister itself is still running fine.
Using direct canister URLs is not realistic for most end-users. Is there a best-practice guide for handling this domain-based principal separation safely (especially for dapps that need consistent identity across domains)?
Internet Identity access issues (USD plugin & Passkey problems)
A number of users have been facing issues like:
-
“USB plugin failed” errors (mainly on one specific device, while other devices work fine)
-
Passkey login failures or temporary inability to access II
Request
Could someone share a complete and updated guide on:
-
How to manage principal consistency across domains
-
How to troubleshoot II login and passkey issues effectively
This would help me support my clients and improve UX for real-world applications built on ICP.