StoicIdentity - login to applications using StoicWallet

Hey guys,

Recently just published StoicIdentity, a drop-in solution that you can use with the HttpAgent for JS (similar interface to NNS). https://github.com/Toniq-Labs/stoic-identity

In future we will be adding canister scope, so apps have to declare what canister IDs they want to make calls using the users identity. We will also be flagging sensitive canisters (ledger, NNS) and require an additional verification from the user to send calls to those.

API access can be revoked from within NNS, and the bridge only exists on the local machine (so has no exposure remotely). Private keys are never exposed as well. You can use your II through StoicWallet, and have a single identity that can be used through the internet with a persistent public key.

3 Likes

From a cursory look through the code: How do you prevent users from losing access when they clear their browser data or switch devices/browsers? AFAICT you’re only storing the private key in local storage?

Are you referring to the wallet private key, or the application API key? If the application API key is lost due to browser switch, another Authorization request must be made. The solution is meant to serve as a local only connection, on a single machine at any one time. In future changes could be made to allow this to persist across devices.

If you are referring to wallet private keys, these are stored local only for non-custodial purposes so don’t traverse devices or storage loss (but users will have adequate backups/access to their respective keys)

My reading was very cursory… :smiley: After having another look I now see that you’re opening up another Iframe similar to how II does things.

Looks cool, excited to see where you take it!

1 Like

that is cool~! I will try this~

Hey, I have tried this , which is nice and easy to compile to my own code, only issue is:
to use this in frontend, and apply the code as readme:

StoicIdentity.load().then(async identity => {
if (identity !== false) {
//ID is a already connected wallet!
} else {
//No existing connection, lets make one!
identity = await StoicIdentity.connect();
}

//Lets display the connected principal!
console.log(identity.getPrincipal().toText());

//Create an actor canister
const actor = Actor.createActor(idlFactory, {
agent: new HttpAgent({
identity,
}),
canisterId,
});

//Disconnect after
StoicIdentity.disconnect();
})

An error happened in Actor.createActor(…), which says t.toBlob() is not a function…

dont know how to solve this…

Will be an issue with the versions (toBlob was removed in later versions). Do you have a github, or could you share the package.json

Yeah, I found this problem also, I checked your source code , the problem is here:

import { Principal } from “@dfinity/principal”;

I think u should do as:

import { Principal } from “@dfinity/agent”;

in agent lib still toBlob() function is there.

toBlob is removed from later versions, so making the change will make this incompatible with the latest versions of @dfinity/agent. Have you considered upgrading?

{
“name”: “xxx”,
“version”: “0.1.0”,
“description”: “”,
“keywords”: ,
“scripts”: {
“build”: “webpack”
},
“dependencies”: {
“animate.css”: “^3.7.2”,
“bootstrap”: “^4.4.1”,
“font-awesome”: “^4.7.0”,
“jquery”: “^3.5.0”,
“popper.js”: “^1.16.1”,
“tweetnacl”: “^1.0.3”,
“typed.js”: “^2.0.11”,
“wowjs”: “^1.1.3”
},
“devDependencies”: {
@dfinity/agent”: “0.8.9”,
@dfinity/auth-client”: “^0.8.9”,
@dfinity/authentication”: “^0.8.9”,
@dfinity/identity”: “^0.8.9”,
“assert”: “2.0.0”,
“buffer”: “6.0.3”,
“css-loader”: “^3.5.2”,
“events”: “3.3.0”,
“html-webpack-plugin”: “5.3.1”,
“ic-stoic-identity”: “^1.1.1”,
“process”: “0.11.10”,
“stream-browserify”: “3.0.0”,
“style-loader”: “^1.1.3”,
“terser-webpack-plugin”: “5.1.1”,
“util”: “0.12.3”,
“webpack”: “5.24.4”,
“webpack-cli”: “4.5.0”
}
}

this is my package.json, now what I should do to use the identity to create actor? :sweat_smile:

You can upgrade to the latest version of @dfinity/agent which is 0.9.3 : @dfinity/agent - npm

Hi ,dear .

Thanks a lot solved this properly by update @dfinity/agent to 0.9.3.

Appriciate!

But there is another problem after create the actor , I try to call a funtion from actor, there is a error message :sweat_smile:
error:

Code: 403 (Forbidden)

Body: Failed to authenticate request 0x523133134ee76e023c5ad8938997541a8b640cccce8c01bcf18d3325920d2b78 due to: The user id va5wj-vf4bk-wrmva-ggw2k-2pdyx-kwmtr-ty72e-d74oc-wyj2y-bc4xu-sae does not match the public key

So is there any wrong with that?

Are you developing locally and trying to login on the public Internet Identity canister? If so, that won’t work.

the call is as POST request to local:

http://127.0.0.1:8000/api/v2/canister/rrkah-fqaaa-aaaaa-aaaaq-cai/call

Yeah StoicIdentity loads from StoicWallet, which is currently main network only (not local). We may look to add local support in future

You should be able to use it with a non II address though (e.g. account with a mnemonic phrase)

Ahhh, OK… Thanks for sharing ~!

At some point, local will be able to accept signatures from the main net, and identity integration will be a lot easier

2 Likes

Is that actually worked on (given the recent, ehem, changes in staffing)? If it isn’t imminent, we should probably think about work-aounds that the community can apply on their own (e.g. easier local installation, or community forks of the SDK).

Hey, is it possible to accept payment by integrating with Stoicwallet / Stoicidentity yet? Something similar to Entrepot but the payment to be sent to an address and the canister to be able to query and see if that principal / address has sent the funds?