This article will begin with a brief overview of what you are about to see. Then, watch the video to see it in action. Let’s start with some proposed features.
Proposed Features
- Authentication: Exclusive use of Internet Identity for login.
- Authorization:
  - Restriction of application access to authorized users only.
  - Implementation of role-based access control (RBAC) to manage user permissions within the application.
  - Granting administrators the ability to lock/unlock user accounts.
  - Keeping logged-in users signed in for a specified period before logging them out due to inactivity.
- User profile management: Allowing users to manage their profile settings, including language selection.
The following video demonstrates how to log into an application that is protected by Internet Identity. This application features a role-based user management module, allowing an administrator to create and manage new and existing users, to set and change the user role and language and to invite them to log in using their Internet Identity. The video provides a general overview of some proposed features.
During the initial onboarding process, first-time users receive a unique password or key, delivered either by mail or in person (not shown in the video). This measure ensures that only individuals known to the organization can log in to the application, preventing anonymous access. This is crucial for maintaining the security of a business application.
The user’s principal ID for this specific application now links the user’s profile to the application, across both frontend and backend.
After logging in, frontend applications send requests to the backend canister. Each publicly exposed backend function has a check function that verifies the caller’s principal ID and role against the active users and allowed roles, so that only authenticated users with the correct permissions can access the application or that function.
The @dfinity/auth-client JavaScript library handles the complex authentication process, allowing us to add the Internet Identity principal ID to user requests to the backend canister. This identity information, found in the caller property of Motoko shared functions, can then be utilized as needed.
Motoko’s shared functions support a simple form of caller identification that allows you to inspect the ICP principal associated with the caller of a function. A principal is a value that identifies a unique user or canister. In Motoko, the shared keyword is used to declare a shared function. The shared function can also declare an optional parameter of type {caller : Principal}.
If a user’s status is set to inactive by the administrator, or his role doesn’t match the allowed roles for the called function, the user is unable to log in or does not receive meaningful responses from the backend canister. This allows the organization to maintain complete control over application access on all levels.
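The check described above can be sketched as a Motoko guard that every public function calls first. This is an added example, not the code from the video or the author's application; the type names, role names, function names and the choice to make the installing principal the first administrator are assumptions.

```motoko
import Array "mo:base/Array";
import HashMap "mo:base/HashMap";
import Principal "mo:base/Principal";
import Result "mo:base/Result";

// Assumption: the principal that installs the canister becomes the first admin.
shared ({ caller = installer }) actor class UserRegistry() {
  type Role = { #admin; #editor; #viewer }; // hypothetical roles
  type Profile = { role : Role; active : Bool; language : Text };

  // In-memory registry; not preserved across upgrades in this example.
  let users = HashMap.HashMap<Principal, Profile>(16, Principal.equal, Principal.hash);
  users.put(installer, { role = #admin; active = true; language = "en" });

  // Guard: caller must be non-anonymous, registered, active and hold an allowed role.
  // Every failure returns the same text, so a rejected caller learns nothing useful.
  func check(caller : Principal, allowed : [Role]) : Result.Result<Profile, Text> {
    if (Principal.isAnonymous(caller)) { return #err("denied") };
    switch (users.get(caller)) {
      case (?p) {
        let roleOk = Array.find<Role>(allowed, func(r : Role) : Bool { r == p.role }) != null;
        if (p.active and roleOk) { #ok(p) } else { #err("denied") }
      };
      case null { #err("denied") };
    }
  };

  // Admin only: register a user (overwrites an existing entry for that principal).
  public shared ({ caller }) func addUser(user : Principal, role : Role, language : Text) : async Result.Result<(), Text> {
    switch (check(caller, [#admin])) {
      case (#err(e)) { #err(e) };
      case (#ok(_)) { users.put(user, { role = role; active = true; language = language }); #ok(()) };
    }
  };

  // Admin only: lock (active = false) or unlock (active = true) an account.
  public shared ({ caller }) func setActive(user : Principal, active : Bool) : async Result.Result<(), Text> {
    switch (check(caller, [#admin]), users.get(user)) {
      case (#ok(_), ?p) { users.put(user, { role = p.role; active = active; language = p.language }); #ok(()) };
      case (#err(e), _) { #err(e) };
      case (_, null) { #err("no such user") };
    }
  };

  // Any active user: read own profile, including the language setting.
  public shared query ({ caller }) func myProfile() : async Result.Result<Profile, Text> {
    check(caller, [#admin, #editor, #viewer])
  };
};
```

Because the guard runs inside the canister, a locked account or a role mismatch is rejected even if the frontend is bypassed and the canister is called directly.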
The user can set and switch his preferred language in his user profile, which we’ve also included in our example.
The @dfinity/agent HttpAgent’s idleTimeout setting can be used to manage the maximum duration of a user session. It is crucial to remember that this property value should be specified in milliseconds.
As highlighted in a recent X post, the strong demand for secure and seamless authentication has resulted in significant growth of Internet Identities, with over 2.67 million shown today (https://dashboard.internetcomputer.org). This represents a 256% increase in new Internet Identities for the year 2024.
Internet Identity is experiencing strong growth in 2024 as #ICP dapps drive increased user adoption and engagement 😎 pic.twitter.com/jDjNJRZeXz
— DFINITY (@dfinity) December 3, 2024
Are you excited to see it implemented? Please share your thoughts and feedback. You can reach me at our OpenChat channel.
Sign up for our free pre-registration phase for the course Application Development Skills for the Internet Computer to be at the forefront of the topic.