Skip to content

Add Internet Identity login flow #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
humandebri wants to merge 10 commits into
base: main
Choose a base branch
from
Open

Add Internet Identity login flow #4

humandebri wants to merge 10 commits into from

Conversation

@humandebri
Copy link

@humandebri humandebri commented Jan 3, 2026

Summary

  • Add Internet Identity (II) login flow with local callback handling.
  • Add identity storage helpers and update CLI options/docs for II usage.
  • Improve login responses and error handling.

Changes - New II login command and callback handling code.

  • Identity store utilities (atomic write, restricted permissions).
  • CLI argument updates and documentation tweaks.
  • Python bindings updated for dfx identity use.

Notes

  • The II login flow uses a local callback on 127.0.0.1:8620.

@humandebri
add ii-login
a132259
@humandebri
Refactor Internet Identity login handling and improve identity file m…
0aa7fa6 
…anagement. Updated CLI documentation, removed unused identity.json from .gitignore, and added atomic file write with restricted permissions for identity storage.
@humandebri
Remove callback port override and make login browser open cross-platform
ee53ed4
@humandebri
Refactor identity management to use dfx identities instead of keychai…
7cc47f3 
…n. Updated documentation and examples to reflect changes in identity handling. Removed unused dependencies and cleaned up Cargo.lock.
@humandebri
Improve login UX for port conflicts and fix Content-Length
8d128f6
@humandebri
Refactor identity management to utilize the keychain for storing iden…
9f6fb61 
…tities instead of dfx identity files. Updated related documentation and examples to reflect this change, including adjustments to the CLI and Rust code for improved keychain integration. Added new dependencies in Cargo.toml and updated Cargo.lock accordingly.
@humandebri
Update dependencies in Cargo.lock and refactor AgentFactory to stream…
053ef04 
…line identity management. Removed AuthMode enum and adjusted related code for improved clarity and functionality. Updated CLI and Rust code to reflect these changes.
@humandebri
fix login identity handling
5e4511f
@humandebri
fix: clean up clippy warnings
9116da8
@ClankPan
Copy link
Collaborator

ClankPan commented Jan 5, 2026

@humandebri

That’s awesome—thank you for the PR!
I’m looking through your code, but it’s a bit tricky to follow. Could you clarify how the CLI logs in via Internet Identity? It would really help if you could add an architecture overview and some comments so I can understand the flow better.

@humandebri
Copy link
Author

humandebri commented Jan 5, 2026

Thanks for the review! I’ve added a short architecture overview in ii-login-architecture.mdand expanded inline comments in the II login flow.
I also replaced the custom HTTP server with axum, implemented CSRF-style state validation, added a 5‑minute timeout, and ensured the callback server only accepts a single successful request.
For safety, the callback now enforces Content-Length, JSON Content-Type, and a 256KB body limit. I also renamed the module to make the II-specific login clearer.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@humandebri @ClankPan