Merge branch 'main' into sea-snake/verified-email

Author: sea-snake

.github/workflows/canister-tests.yml

@@ -528,7 +528,8 @@ jobs:
           # NOTE: dfx install will run the postinstall scripts from dfx.json
           dfx canister install internet_identity --wasm internet_identity_test.wasm.gz --argument "(opt record { captcha_config = opt record { max_unsolved_captchas= 50:nat64; captcha_trigger = variant {Static = variant { CaptchaDisabled }}}; related_origins = opt vec { \"https://id.ai\"; \"https://identity.ic0.app\"; \"https://identity.internetcomputer.org\" }; new_flow_origins = opt vec { \"https://id.ai\" }; dummy_auth = opt opt record { prompt_for_index = true }; openid_configs = opt vec { ${{ steps.openid-configs.outputs.OPENID_CONFIGS }} } })"
           if [ "${{ matrix.canister == 'split' }}" = "true" ]; then
-            dfx canister install internet_identity_frontend --wasm internet_identity_frontend_test.wasm.gz
+            II_CANISTER_ID=$(dfx canister id internet_identity)
+            dfx canister install internet_identity_frontend --wasm internet_identity_frontend_test.wasm.gz --argument "(record { backend_canister_id = principal \"$II_CANISTER_ID\"; backend_origin = \"https://backend.id.ai\"; related_origins = opt vec { \"https://id.ai\"; \"https://identity.ic0.app\"; \"https://identity.internetcomputer.org\" }; dummy_auth = opt opt record { prompt_for_index = true } })"
           fi
           dfx canister install test_app --wasm demos/test-app/test_app.wasm
 

dfx.json

@@ -5,6 +5,7 @@
       "candid": "src/internet_identity_frontend/internet_identity_frontend.did",
       "wasm": "internet_identity_frontend.wasm.gz",
       "build": "bash -c 'II_DEV_CSP=1 II_FETCH_ROOT_KEY=1 II_DUMMY_CAPTCHA=${II_DUMMY_CAPTCHA:-1} scripts/build --frontend'",
+      "init_arg_file": "src/internet_identity_frontend/local_test_arg.did",
       "shrink": false
     },
     "internet_identity": {
@@ -27,9 +28,7 @@
       "wasm": "demos/vc_issuer/vc_demo_issuer.wasm.gz",
       "build": "demos/vc_issuer/build.sh",
       "post_install": "bash -c 'demos/vc_issuer/provision'",
-      "dependencies": [
-        "internet_identity"
-      ]
+      "dependencies": ["internet_identity"]
     }
   },
   "defaults": {
@@ -39,4 +38,4 @@
   },
   "dfx": "0.29.0",
   "version": 1
-}
+}

src/frontend/src/lib/legacy/flows/dappsExplorer/dapps.json

@@ -631,7 +631,13 @@
     "name": "Demo App",
     "oneLiner": "Experience next-gen decentralized authentication.",
     "website": "https://try.id.ai",
-    "logo": "try-id-ai.svg"
+    "authOrigins": [
+      "https://try.id.ai",
+      "https://vt36r-2qaaa-aaaad-aad5a-cai.icp0.io",
+      "https://4mteh-mqaaa-aaaad-adnaa-cai.icp0.io"
+    ],
+    "logo": "try-id-ai.svg",
+    "certified_attributes": true
   },
   {
     "name": "Caffeine",
@@ -645,12 +651,5 @@
     "logo": "caffeine_logo.svg",
     "logoDark": "caffeine_logo_dark.svg",
     "certified_attributes": true
-  },
-  {
-    "name": "Direct OpenID Sign-In",
-    "oneLiner": "Direct OpenID sign-in test app",
-    "website": "https://4mteh-mqaaa-aaaad-adnaa-cai.icp0.io",
-    "logo": "try-id-ai.svg",
-    "certified_attributes": true
   }
 ]

src/internet_identity_frontend/Cargo.toml

@@ -9,7 +9,7 @@ internet_identity_interface.workspace = true
 serde_bytes.workspace = true
 
 # IC canister dependencies
-candid.workspace = true
+candid = { workspace = true, features = ["value"] }
 ic-cdk.workspace = true
 ic-cdk-macros.workspace = true
 

src/internet_identity_frontend/internet_identity_frontend.did

@@ -47,27 +47,15 @@ type DummyAuthConfig = record {
     prompt_for_index : bool;
 };
 
-type OpenIdConfig = record {
-    name : text;
-    logo : text;
-    issuer : text;
-    client_id : text;
-    jwks_uri : text;
-    auth_uri : text;
-    auth_scope : vec text;
-    fedcm_uri : opt text;
-};
-
 type InternetIdentityFrontendInit = record {
-    backend_canister_id : opt principal;
-    backend_origin : opt text;
+    backend_canister_id : principal;
+    backend_origin : text;
     related_origins : opt vec text;
     fetch_root_key : opt bool;
     analytics_config : opt opt AnalyticsConfig;
     dummy_auth : opt opt DummyAuthConfig;
-    openid_configs : opt vec OpenIdConfig;
 };
 
-service : (opt InternetIdentityFrontendInit) -> {
+service : (InternetIdentityFrontendInit) -> {
     http_request : (request : HttpRequest) -> (HttpResponse) query;
 };

src/internet_identity_frontend/local_test_arg.did

@@ -0,0 +1,12 @@
+(
+  record {
+    backend_canister_id = principal "uxrrr-q7777-77774-qaaaq-cai";
+    backend_origin = "http://uxrrr-q7777-77774-qaaaq-cai.localhost:4943";
+    related_origins = opt vec {
+      "http://u6s2n-gx777-77774-qaaba-cai.localhost:4943";
+    };
+    fetch_root_key = null;
+    analytics_config = null;
+    dummy_auth = null;
+  },
+)

src/internet_identity_frontend/src/main.rs

@@ -1,17 +1,16 @@
 use asset_util::{collect_assets, Asset as AssetUtilAsset, ContentEncoding, ContentType};
 use base64::engine::general_purpose::STANDARD as BASE64;
 use base64::Engine;
-use candid::{Encode, Principal};
+use candid::{Encode, IDLValue};
 use flate2::read::GzDecoder;
 use ic_asset_certification::{Asset, AssetConfig, AssetEncoding, AssetRouter};
 use ic_cdk::{init, post_upgrade};
 use ic_cdk_macros::query;
 use ic_http_certification::{HeaderField, HttpCertificationTree, HttpRequest, HttpResponse};
 use include_dir::{include_dir, Dir};
 use internet_identity_interface::internet_identity::types::{
-    DummyAuthConfig, InternetIdentityFrontendInit, InternetIdentityInit,
+    InternetIdentityFrontendArgs, InternetIdentityInit,
 };
-use lazy_static::lazy_static;
 use serde_json::json;
 use sha2::Digest;
 use std::io::Read;
@@ -25,56 +24,19 @@ thread_local! {
 static ASSETS_DIR: Dir<'_> = include_dir!("$CARGO_MANIFEST_DIR/../../dist");
 const IMMUTABLE_ASSET_CACHE_CONTROL: &str = "public, max-age=31536000, immutable";
 const NO_CACHE_ASSET_CACHE_CONTROL: &str = "public, no-cache, no-store";
-const MISSING_MANDATORY_INTERNET_IDENTITY_FRONTEND_INSTALL_ARGS_HTML_ERROR: &str =
-    "<!doctype html>\
-    <html>\
-    <head><title>Internet Identity Frontend Initialization Error</title></head>\
-    <body><h1>Internet Identity Frontend Initialization Error</h1>\
-    <p>
-    Please initialize this canister with the following required install args:
-    <ul>
-    <li>backend_canister_id</li>
-    <li>backend_origin</li>
-    </ul>
-    </p>\
-    </body></html>";
-
-// Default configuration for the frontend canister
-lazy_static! {
-    // TODO: Change this to the mainnet value `rdmx6-jaaaa-aaaaa-aaadq-cai` before deploying to mainnet.
-    static ref DEFAULT_INTERNET_IDENTITY_BACKEND_CANISTER_ID: Principal =
-        Principal::from_text("uxrrr-q7777-77774-qaaaq-cai").unwrap();
-
-    static ref DEFAULT_CONFIG: InternetIdentityFrontendInit = InternetIdentityFrontendInit {
-        backend_canister_id: Some(*DEFAULT_INTERNET_IDENTITY_BACKEND_CANISTER_ID),
-        backend_origin: Some("https://backend.id.ai".to_string()),
-        related_origins: Some(vec![
-            "https://id.ai".to_string(),
-            "https://identity.internetcomputer.org".to_string(),
-            "https://identity.ic0.app".to_string(),
-        ]),
-        openid_configs: None,
-        dummy_auth: Some(Some(DummyAuthConfig {
-            prompt_for_index: true
-        })),
-        fetch_root_key: None,
-        analytics_config: None,
-    };
-}
 
 #[init]
-fn init(init_arg: Option<InternetIdentityFrontendInit>) {
-    let config = init_arg.unwrap_or_else(|| DEFAULT_CONFIG.clone());
-    certify_all_assets(config);
+fn init(args: InternetIdentityFrontendArgs) {
+    certify_all_assets(args);
 }
 
 #[post_upgrade]
-fn post_upgrade() {
-    init(None);
+fn post_upgrade(args: InternetIdentityFrontendArgs) {
+    certify_all_assets(args);
 }
 
-fn certify_all_assets(init: InternetIdentityFrontendInit) {
-    let static_assets = get_static_assets(&init);
+fn certify_all_assets(args: InternetIdentityFrontendArgs) {
+    let static_assets = get_static_assets(&args);
 
     // 2. Extract integrity hashes for inline scripts from HTML files
     let integrity_hashes = static_assets
@@ -137,7 +99,7 @@ fn certify_all_assets(init: InternetIdentityFrontendInit) {
                         vec![AssetEncoding::Identity.default_config()]
                     };
 
-                    let headers = if path.starts_with("_app/immutable") {
+                    let headers = if path.starts_with("/_app/immutable") {
                         (
                             "cache-control".to_string(),
                             IMMUTABLE_ASSET_CACHE_CONTROL.to_string(),
@@ -333,7 +295,7 @@ fn get_content_security_policy(integrity_hashes: Vec<String>) -> String {
 }
 
 /// Gets the static assets with HTML fixup and well-known endpoints
-fn get_static_assets(config: &InternetIdentityFrontendInit) -> Vec<AssetUtilAsset> {
+fn get_static_assets(config: &InternetIdentityFrontendArgs) -> Vec<AssetUtilAsset> {
     // Collect assets and fix up HTML files
     let mut assets: Vec<AssetUtilAsset> = collect_assets(&ASSETS_DIR, None)
         .into_iter()
@@ -347,6 +309,18 @@ fn get_static_assets(config: &InternetIdentityFrontendInit) -> Vec<AssetUtilAsse
         })
         .collect();
 
+    // Serve the initialization argument of this canister as a Candid file
+    assets.push(AssetUtilAsset {
+        url_path: "/.config".to_string(),
+        content: IDLValue::try_from_candid_type(config)
+            .unwrap()
+            .to_string()
+            .as_bytes()
+            .to_vec(),
+        encoding: ContentEncoding::Identity,
+        content_type: ContentType::TXT,
+    });
+
     // Add .well-known/ic-domains for custom domain support
     let ic_domains_content = b"identity.internetcomputer.org\nbeta.identity.ic0.app\nbeta.identity.internetcomputer.org\nid.ai\nbeta.id.ai\nwww.id.ai".to_vec();
     assets.push(AssetUtilAsset {
@@ -375,18 +349,14 @@ fn get_static_assets(config: &InternetIdentityFrontendInit) -> Vec<AssetUtilAsse
 }
 
 /// Fix up HTML pages by injecting canister ID and canister config
-fn fixup_html(html: &str, config: &InternetIdentityFrontendInit) -> String {
-    // The backend canister ID is now included in the config, but we also set data-canister-id for backward compatibility.
-    let (Some(backend_canister_id), Some(backend_origin)) =
-        (&config.backend_canister_id, &config.backend_origin)
-    else {
-        return MISSING_MANDATORY_INTERNET_IDENTITY_FRONTEND_INSTALL_ARGS_HTML_ERROR.to_string();
-    };
+fn fixup_html(html: &str, config: &InternetIdentityFrontendArgs) -> String {
+    let backend_canister_id = config.backend_canister_id;
+    let backend_origin = config.backend_origin.clone();
 
     let html = html.replace(
         "</head>",
         &format!(
-            r#"<link rel="preload" href="{backend_origin}/.config.did.bin" as="fetch"></head>"#,
+            r#"<link rel="preload" href="{backend_origin}/.config.did.bin" crossorigin="anonymous" fetchpriority="high" as="fetch"></head>"#,
         ),
     );
 
@@ -395,10 +365,11 @@ fn fixup_html(html: &str, config: &InternetIdentityFrontendInit) -> String {
     let config = InternetIdentityInit::from(config.clone());
     let encoded_config = BASE64.encode(Encode!(&config).unwrap());
 
+    // The backend canister ID is now included in the config, but we also set data-canister-id for backward compatibility.
     let html = html.replace(
         r#"<body "#,
         &format!(
-            r#"<body data-canister-id="{backend_canister_id}" data-canister-config="{encoded_config}" "#
+            r#"<body data-canister-id="{backend_canister_id}" data-canister-config="{encoded_config}" "#,
         ),
     );
 

src/internet_identity_interface/src/internet_identity/types.rs

@@ -207,41 +207,40 @@ pub struct AnchorCredentials {
 ///
 /// Some fields, like `analytics_config`, have an additional nested `Option<>`, this indicates
 /// enable/disable status (e.g. `Some(None)` disables a feature while `None` leaves it untouched).
-#[derive(Clone, Debug, CandidType, Deserialize, Default, Eq, PartialEq)]
-pub struct InternetIdentityFrontendInit {
-    pub backend_canister_id: Option<Principal>,
+#[derive(Clone, Debug, CandidType, Serialize, Deserialize, Eq, PartialEq)]
+pub struct InternetIdentityFrontendArgs {
+    pub backend_canister_id: Principal,
     /// For example, "https://backend.id.ai" (no trailing slash)
-    pub backend_origin: Option<String>,
+    pub backend_origin: String,
+
     pub related_origins: Option<Vec<String>>,
-    pub openid_configs: Option<Vec<OpenIdConfig>>,
     pub fetch_root_key: Option<bool>,
     pub analytics_config: Option<Option<AnalyticsConfig>>,
     pub dummy_auth: Option<Option<DummyAuthConfig>>,
 }
 
-impl From<InternetIdentityFrontendInit> for InternetIdentityInit {
-    fn from(value: InternetIdentityFrontendInit) -> Self {
-        let InternetIdentityFrontendInit {
+impl From<InternetIdentityFrontendArgs> for InternetIdentityInit {
+    fn from(value: InternetIdentityFrontendArgs) -> Self {
+        let InternetIdentityFrontendArgs {
             backend_canister_id,
             backend_origin,
             fetch_root_key,
             analytics_config,
             dummy_auth,
             related_origins,
-            openid_configs,
         } = value;
 
         Self {
-            backend_canister_id,
-            backend_origin,
+            backend_canister_id: Some(backend_canister_id),
+            backend_origin: Some(backend_origin),
 
             fetch_root_key,
             analytics_config,
             dummy_auth,
             related_origins,
 
-            // TODO: pull this config field from the backend and set it to None here.
-            openid_configs,
+            // This config field is pulled in the frontend from the backend
+            openid_configs: None,
 
             // Config fields not used by the frontend
             canister_creation_cycles_cost: None,
@@ -340,7 +339,7 @@ pub struct CaptchaConfig {
     pub captcha_trigger: CaptchaTrigger,
 }
 
-#[derive(Clone, Debug, CandidType, Deserialize, Eq, PartialEq)]
+#[derive(Clone, Debug, CandidType, Serialize, Deserialize, Eq, PartialEq)]
 pub enum AnalyticsConfig {
     Plausible {
         // Config params from Plausible NPM package
@@ -398,7 +397,7 @@ pub enum OpenIdEmailVerification {
     Microsoft,
 }
 
-#[derive(Clone, Debug, CandidType, Deserialize, Default, Eq, PartialEq)]
+#[derive(Clone, Debug, CandidType, Serialize, Deserialize, Default, Eq, PartialEq)]
 pub struct OpenIdConfig {
     pub name: String,
     pub logo: String,
@@ -512,7 +511,7 @@ pub enum AccountNameValidationError {
     NameTooLong,
 }
 
-#[derive(Clone, Debug, CandidType, Deserialize, Default, Eq, PartialEq)]
+#[derive(Clone, Debug, CandidType, Serialize, Deserialize, Default, Eq, PartialEq)]
 pub struct DummyAuthConfig {
     pub prompt_for_index: bool,
 }