Proposal 138188 to upgrade II (2025-08-26): Fix Google authentication

Governance NNS proposal discussions
, ,
1

This 138188 proposal is Internet Identity release release-2025-08-26 for commit e38a9b9e16fabf93a581ce6788762c67de15152f.

The release fixes an issue with users that authenticated with Google. They weren’t able to authenticate a second time with their cached identity and needed to go through the whole auth flow again.

What’s Changed

Full Changelog: https://github.com/dfinity/internet-identity/compare/release-2025-08-22…release-2025-08-26

Build flavors

For more information please see the Build flavors section of the README.

Filename sha256 (links to CI Run)
internet_identity_production.wasm.gz 6150b0f99e7cc57afd3f830666b70be0a4bd357e775fdad18f9b8c4e47637299
internet_identity_dev.wasm.gz 30d9ccec1ac75431943331d69b5cce3f585b1c0f09e2a7fac771182e0fab3440
internet_identity_test.wasm.gz d134945707adc6d37d6889b8b6bae0101374272981b391116f4ba9c1cae05948
archive.wasm.gz 4e8431f2c01c32aced21439e8a97ea0abe224af8188958a477eadfad46e690fb
vc_demo_issuer.wasm.gz 58e4ab2b2e885959248370c318e4ae7a9398c47e35c14e36ee1e056043b0889b

Wasm Verification

To build the wasm modules yourself and verify their hashes, run the following commands from the root of the Internet Identity repository:

git pull # to ensure you have the latest changes.
git checkout e38a9b9e16fabf93a581ce6788762c67de15152f
./scripts/verify-hash --ii-hash 6150b0f99e7cc57afd3f830666b70be0a4bd357e775fdad18f9b8c4e47637299

Make sure to compare the hashes also with the proposal payload when verifying canister upgrade proposals.

Argument Verification

Run the following command to verify the upgrade argument hash:

didc encode '(
  opt record {
    fetch_root_key = null;
    openid_google = null;
    is_production = null;
    enable_dapps_explorer = null;
    assigned_user_number_range = null;
    new_flow_origins = null;
    archive_config = null;
    canister_creation_cycles_cost = null;
    analytics_config = null;
    feature_flag_enable_generic_open_id_fe = null;
    related_origins = null;
    feature_flag_continue_from_another_device = null;
    openid_configs = opt vec {
      record {
        name = "Google";
        logo = "<svg viewBox=\"0 0 24 24\"><path d=\"M12.19 2.83A9.15 9.15 0 0 0 4 16.11c1.5 3 4.6 5.06 8.18 5.06 2.47 0 4.55-.82 6.07-2.22a8.95 8.95 0 0 0 2.73-6.74c0-.65-.06-1.28-.17-1.88h-8.63v3.55h4.93a4.23 4.23 0 0 1-1.84 2.76c-3.03 2-7.12.55-8.22-2.9h-.01a5.5 5.5 0 0 1 5.14-7.26 5 5 0 0 1 3.5 1.37l2.63-2.63a8.8 8.8 0 0 0-6.13-2.39z\" style=\"fill: currentColor;\"></path></svg>";
        issuer = "https://accounts.google.com";
        client_id = "775077467414-q1ajffledt8bjj82p2rl5a09co8cf4rf.apps.googleusercontent.com";
        jwks_uri = "https://www.googleapis.com/oauth2/v3/certs";
        auth_uri = "https://accounts.google.com/o/oauth2/v2/auth";
        auth_scope = vec { "openid"; "profile"; "email" };
        fedcm_uri = opt "https://accounts.google.com/gsi/fedcm.json";
      };
      record {
        name = "Apple";
        logo = "<svg viewBox=\"0 0 24 24\"><path d=\"M14.8 3.2c1-1.2 1.2-2.7 1-3.2-1 0-2.2.7-2.9 1.5-.9 1.2-1.1 2.6-.9 3 .6.2 2-.3 2.8-1.3ZM9.2 20c1.2 0 1.6-.8 3.2-.8 1.5 0 1.8.8 3.1.8s2.3-1.2 3-2.5c1-1.4 1.3-2.8 1.4-2.8 0 0-2.6-1.2-2.6-4.1 0-2.5 2-3.7 2.1-3.8a4.5 4.5 0 0 0-3.9-2c-1.4 0-2.6.8-3.4.8-.8 0-1.9-.8-3.2-.8-2.3 0-4.8 2-4.8 6 0 2.3 1 4.8 2 6.5 1 1.5 1.9 2.7 3 2.7Z\" style=\"fill: currentColor;\"></path></svg>";
        issuer = "https://appleid.apple.com";
        client_id = "ai.id.auth";
        jwks_uri = "https://appleid.apple.com/auth/keys";
        auth_uri = "https://appleid.apple.com/auth/authorize";
        auth_scope = vec { "openid" };
        fedcm_uri = null;
      };
      record {
        name = "Microsoft";
        logo = "<svg viewBox=\"0 0 24 24\"><path d=\"M2.5 2.5h9v9h-9zm10 0h9v9h-9zm-10 10h9v9h-9zm10 0h9v9h-9z\" style=\"fill: currentColor;\"></path></svg>";
        issuer = "https://login.microsoftonline.com/{tid}/v2.0";
        client_id = "80d5203e-9ba2-4acf-97a1-88d926a0bbbf";
        jwks_uri = "https://login.microsoftonline.com/common/discovery/v2.0/keys";
        auth_uri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
        auth_scope = vec { "openid"; "profile"; "email" };
        fedcm_uri = null;
      };
    };
    captcha_config = null;
    dummy_auth = null;
    register_rate_limit = null;
  },
)' | xxd -r -p | sha256sum

The output should match the argument hash.

1 Like
2

There is an issue with the rendering of the proposal arguments verification script in the NNS Dapp. Therefore, we suggest to verify the arguments using the dashboard.