You could in theory:
- Create an identity within Tauri, send its public key in step 2 to the website
- Open a website with II in a new window/webview
- Authenticate II
- Create DelegationChain with identity from AuthClient for public key from step 1
- Send DelegationChain back to Tauri and create a DelegationIdentity from identity from step 1 + DelegationChain.
This will require rs-agent in Tauri to support delegation identities, which was once implemented but closed before it was completed and merged to rs-agent: feat: add delegation identity by flyq · Pull Request #348 · dfinity/agent-rs · GitHub
Edit: Seems like you can also run agent-js within the Tauri frontend and use the same approach as above
Here’s some example code that uses Delegations and a website that authenticates with II. The website could in theory also authenticate with any wallet and use delegation towards the Tauri app. ECDSAKeyIdentity is used in this example, but any identity that can sign can be used.
From within Tauri:
```ts
import { DelegationIdentity, ECDSAKeyIdentity } from '@dfinity/identity';

// Session key for the Tauri app; the private key is non-extractable
const delegationIdentity = await ECDSAKeyIdentity.generate({
  extractable: false,
  keyUsages: ['sign', 'verify'],
});
// Here we open a browser and continue on the website with next code snippet
// (openBrowserWithII is a placeholder for the app's own code, not a library function)
const delegationChain = await openBrowserWithII(delegationIdentity.getPublicKey());
// Here we create an identity with the delegation chain we received from the website
const internetIdentity = DelegationIdentity.fromDelegation(delegationIdentity, delegationChain);
// You can now make calls with internetIdentity
```
From within website with II (Could be e.g. a website hosted in asset canister)
```ts
import type { PublicKey } from '@dfinity/agent';
import { AuthClient } from '@dfinity/auth-client';
import { DelegationChain, DelegationIdentity, ECDSAKeyIdentity } from '@dfinity/identity';

// Public key of the Tauri identity; get it from e.g. url params
declare const publicKey: PublicKey;

const delegationIdentity = await ECDSAKeyIdentity.generate({
  extractable: false,
  keyUsages: ['sign', 'verify'],
});
const delegationChain = await new Promise<DelegationChain>(async (resolve, reject) => {
  const authClient = await AuthClient.create({
    // Make Internet identity create a delegation chain for below identity
    identity: delegationIdentity,
    // Idle checks aren't needed
    idleOptions: {
      disableIdle: true,
      disableDefaultIdleCallback: true,
    },
    // Storage isn't needed
    storage: {
      get: () => Promise.resolve(null),
      set: () => Promise.resolve(),
      remove: () => Promise.resolve(),
    },
  });
  await authClient.login({
    // Internet Identity should be valid for 30 days
    maxTimeToLive: 30n * 24n * 60n * 60n * 1_000_000_000n,
    onSuccess: () =>
      resolve(
        (authClient.getIdentity() as DelegationIdentity).getDelegation(),
      ),
    onError: reject,
  });
});
// Create delegation chain from II delegation chain for public key.
// DelegationChain.create is async, so it must be awaited; `undefined` uses the
// library's default expiration (pass a Date to set the lifetime explicitly).
const delegationChainForPublicKey = await DelegationChain.create(
  delegationIdentity,
  publicKey,
  undefined,
  { previous: delegationChain },
);
/* Send above delegationChainForPublicKey back to Tauri */
```
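An added example, not part of the original post: a pre-flight check the Tauri side could run on the chain it receives before building a `DelegationIdentity` from it. It assumes the chain is transported as the JSON produced by `DelegationChain.toJSON()`; `checkReceivedChain`, `sampleChain` and the sample values are hypothetical. It does not verify signatures, which the replica does when the identity is used for calls.

```javascript
// Added example. Assumes the chain is transported as the JSON produced by
// DelegationChain.toJSON(): hex strings, expiration in hex nanoseconds.
function checkReceivedChain(chainJson, sessionKeyDerHex, nowMs = Date.now()) {
  const delegations = Array.isArray(chainJson?.delegations) ? chainJson.delegations : [];
  if (delegations.length === 0) return ['chain contains no delegations'];

  const problems = [];
  const nowNs = BigInt(nowMs) * 1_000_000n;
  delegations.forEach((signed, i) => {
    const exp = signed?.delegation?.expiration;
    if (typeof exp !== 'string' || !/^[0-9a-f]+$/i.test(exp)) {
      problems.push(`delegation ${i}: malformed expiration`);
    } else if (BigInt('0x' + exp) <= nowNs) {
      problems.push(`delegation ${i}: expired`);
    }
  });

  // The last link must delegate to the key this app generated; otherwise the
  // chain was built for a different public key than the one we sent out.
  const lastKey = delegations[delegations.length - 1]?.delegation?.pubkey;
  if (typeof lastKey !== 'string' || lastKey.toLowerCase() !== sessionKeyDerHex.toLowerCase()) {
    problems.push('final delegation is not issued to this session key');
  }
  return problems;
}

// Constructed sample data: keys and signatures are dummy hex, not real DER.
const hexNs = (ms) => (BigInt(ms) * 1_000_000n).toString(16);
function sampleChain(finalKeyHex, expiresAtMs) {
  return {
    publicKey: 'aa00',
    delegations: [
      { delegation: { pubkey: 'bb11', expiration: hexNs(expiresAtMs) }, signature: 'cc22' },
      { delegation: { pubkey: finalKeyHex, expiration: hexNs(expiresAtMs) }, signature: 'dd33' },
    ],
  };
}

const NOW = 1_700_000_000_000; // fixed clock for the demo
console.log(checkReceivedChain(sampleChain('ee44', NOW + 60_000), 'ee44', NOW));
console.log(checkReceivedChain(sampleChain('ff55', NOW - 1), 'ee44', NOW));
```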