Identity equality check #13
Comments
Have you considered an intermediate step where users confirm which identity they’d like to use? Something like where Google says “continue as” and you can choose to continue or change to use a different identity. I suppose it depends if your motivation is to prevent people from proceeding using the wrong identity, or optimizing the flow for people who are already authenticated with the correct one. By the way, I think the npm package you linked to must be private.
I think what you are proposing is what I am doing right now; when the user enters the page of the payment provider I am forcing them to reconnect. If there's such a thing as an identity picker I must have missed that. But even then: when the user connects to the payment provider with a different identity than the one which they connected to the webshop, it is technically allowed. What I'm searching for is a detection mechanism for this scenario. I believe I must emphasize that we have no control over the sunglasses dApp in the example: this is an arbitrary third party dApp that integrates our script.
That's exactly the choice I am now forced to make because principals between dApps are different for the same identity, which is great for privacy of course. But I was hoping I missed something that would allow me to check if the two principals belong to the same identity. My bad. The link is updated.
Would you like to discuss this with the identity and authentication working group? Here is the meeting information.
@marydwyer hey! I saw this right in time. I'll be there.
This thread on the Dfinity Discord brought me here: https://discord.com/channels/748416164832608337/1050180909053259776
I've laid out two scenarios: the green and the orange rectangles.
The green rectangle illustrates the happy flow. But then there is the path where two different identities are used for the two dApps. My issue is that: though I do have cross-tab communication (the 🕶️ dApp integrates a script) between the two windows, I have no way of knowing the identities connected in these two windows are exactly the same.
And thus I am forced to let my users reconnect, where the user shouldn't necessarily have to, if I had a way to check if the identities are identical.
I can provide a minimum reproducible repo if needed.