Questions about Internet Identity [was: A few problems and questions]

I have a few questions that I can’t find addressed by anyone else.

Question 1: Passkey Syncing Across Devices

  • “I created a passkey on Windows Edge for my app. How can users access the same Internet Identity account from iPhone with Chrome? What’s the recommended setup for passkey syncing across different browsers and devices?”

Question 2: Safari Compatibility

  • “I’m using @dfinity/auth-client in my web app. When users click the login button that calls authClient.login() on Safari (iPhone), the Internet Identity sign-in page doesn’t open. The same code works fine in Edge on Windows and Chrome on other browsers. Is this a known Safari compatibility issue? What could be causing this?”

Question 3: IndexedDB Errors with derivationOrigin

  • “When I set a custom derivationOrigin parameter in the login options, I get ‘Failed to execute transaction on IDBDatabase: The database connection is closing.’ Is this a known issue? What’s the correct way to use derivationOrigin for multi-device support?”

Question 4: Self-Signed Certificates

  • “My app uses self-signed certificates for HTTPS. Does Internet Identity require a valid SSL certificate, or can it work with self-signed certs? Why does it fail on IP addresses but work on domain names?”

These are all questions about Internet Identity 2.0.
II 1.X has a lot of problems, so I was glad to migrate as soon as I first knew about II 2.0.

  1. On your new device that doesn’t have a passkey yet:
    Continue with passkey → Use existing identity → Cancel browser/os prompts → follow instructions on “Can’t find your identity?” dialog.
  2. You’ll need to create the AuthClient instance on page load and only call its login method on user interaction, e.g. clicking the login button.
  3. The derivationOrigin parameter is intended for applications that have multiple domain names; there’s no need to change any parameters for multi-device support.
  4. HTTPS is a requirement for most browser APIs that Internet Identity relies on; the only exemption browsers make for this is localhost. It’s possible to enable SSL on an IP address, but certificate issuer and browser support may vary.
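
Added example for point 2 of the reply above (not code from the original posts or from the auth-client project): it contrasts creating the client at page load with creating it inside the click handler, assuming the Safari failure comes from the sign-in window being opened outside the user gesture. `createClient` stands in for `() => AuthClient.create()`; the button, the popup gate and the `identity.example` URL are constructed placeholders.

```javascript
// Recommended: create the client at page load, then call login() directly
// from the click handler so it runs inside the user gesture.
function wireLoginEager(button, createClient, loginOptions) {
  let client = null;
  const ready = createClient().then((c) => { client = c; });
  button.disabled = true;                        // ignore clicks until the client exists
  ready.then(() => { button.disabled = false; });
  button.onclick = () => {
    if (client) client.login(loginOptions);      // synchronous call, no await before it
  };
  return ready;
}

// Problem pattern: the client is created inside the handler, so login()
// only runs after an await, when the click's call stack is already gone.
function wireLoginLazy(button, createClient, loginOptions) {
  button.onclick = async () => {
    const client = await createClient();
    client.login(loginOptions);
  };
}

// Constructed simulation (an assumption about browser behaviour, not Safari
// itself): a popup only opens while `inGesture` is true.
async function simulate(wire) {
  const gate = { inGesture: false, opened: 0, blocked: 0 };
  const fakeClient = {
    login(opts) {
      if (gate.inGesture) gate.opened++;
      else { gate.blocked++; if (opts.onError) opts.onError("popup blocked"); }
    },
  };
  const button = { disabled: false, onclick: null };
  const options = { identityProvider: "https://identity.example" }; // placeholder URL
  await wire(button, async () => fakeClient, options);

  gate.inGesture = true;                         // user taps the login button
  const pending = button.disabled ? undefined : button.onclick();
  gate.inGesture = false;                        // gesture ends when the handler returns
  await pending;                                 // let any async handler finish
  return gate;
}
```

In a real page the eager variant is wired once at load with the actual button element, and `onError` in the login options is the place to surface a blocked sign-in window to the user.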