Releases: dfinity/internet-identity
release-2026-03-16: Fix discoverable passkey creation
This is Internet Identity release release-2026-03-16 for commit 36d1ef7c30edfd5982913ffa514ddd3c9202557a.
What's Changed
- fix: The borc decode dependency takes Uint8Array instead of ArrayBuffer by @sea-snake in #3682
Full Changelog: release-2026-03-13...release-2026-03-16
Artifacts
Wasm Verification
To build the wasm modules yourself and verify their hashes, run the following commands from the root of the Internet Identity repository:
git pull # to ensure you have the latest changes.
git checkout 36d1ef7c30edfd5982913ffa514ddd3c9202557a
./scripts/verify-hash \
--ii-hash a33119672743bb5056f1a4aa05d8878e944d7c2c3ef687dd0159536d9afec9a6 \
--iife-hash f1e53c9f0799425e5bd18768d9b48108b7ac246983a149f8aee3d47394f4d653
Make sure to compare the hashes also with the proposal payload when verifying canister upgrade proposals.
Contributors
Assets 12
release-2026-03-13: More languages and various improvements
This is Internet Identity release release-2026-03-13 for commit 03fb0dded591334df542cc9d2d48d9f8808e8744.
This release introduces more languages and various improvements.
What's Changed
- feat: Support II origins with up to 100 bytes by @aterga in #3662
- chore: Remove legacy frontend by @sea-snake in #3657
- chore: Remove dfinity utils by @sea-snake in #3663
- feat: Add Urdu language, fix RTL and update existing languages by @sea-snake in #3665
- test: Rewrite e2e test for upgrade flow by @sea-snake in #3660
- Add French, Italian, Polish translations and improve Urdu by @sea-snake in #3667
- chore: Force-sync all indices in
sync_anchor_indicesby @aterga in #3659 - chore: Update dependencies by @sea-snake in #3666
- chore: improve German translations by @marc0olo in #3668
- chore: Update Urdu translations and add credits by @sea-snake in #3675
- chore: Cleanup the repo before releasing by @aterga in #3678
New Contributors
Full Changelog: release-2026-03-09...release-2026-03-13
Artifacts
Wasm Verification
To build the wasm modules yourself and verify their hashes, run the following commands from the root of the Internet Identity repository:
git pull # to ensure you have the latest changes.
git checkout cd36d3ca81cadd779302ce1518cdbfe0f5a5c4e7
./scripts/verify-hash \
--ii-hash 448f2c0370124da72e22b3b4462edd50a5a7be52f564311721fbc2798c70f643 \
--iife-hash 75c96d6e1c315faa73ae97148039757b4dab94054defbf567dba15f285c1f059
Make sure to compare the hashes also with the proposal payload when verifying canister upgrade proposals.
Contributors
Assets 8
release-2026-03-09: Fix CSP, allow related_origins to embed one another. (#3658)
This is Internet Identity release release-2026-03-09 for commit cd36d3ca81cadd779302ce1518cdbfe0f5a5c4e7.
The sha256 of production asset internet_identity_production.wasm.gz is df7f830c85f19dd6abea7ddfe23337f5bcae8f79f7da7481a63279ee02c41766.
This proposal fixes the upgrade flow that has been broken due to the recent II canister split.
What's Changed
- Fix CSP, allow related_origins to embed one another. by @sea-snake in #3658
Full Changelog: release-2026-03-06...release-2026-03-09
Build flavors
For more information please see the Build flavors section of the README.
Wasm Verification
To build the wasm modules yourself and verify their hashes, run the following commands from the root of the Internet Identity repository:
git pull # to ensure you have the latest changes.
git checkout cd36d3ca81cadd779302ce1518cdbfe0f5a5c4e7
./scripts/verify-hash \
--ii-hash df7f830c85f19dd6abea7ddfe23337f5bcae8f79f7da7481a63279ee02c41766 \
--iife-hash 512840ef559723cae1b6567986af7f8afb36430b7de2a57f7994dfcae6b619c1
Make sure to compare the hashes also with the proposal payload when verifying canister upgrade proposals.
Contributors
Assets 10
release-2026-03-06: Identity switcher redesign
This is Internet Identity release-2026-03-06 for commit 6f0ee38e0b6fc04666163aca61877c3f19b02d77.
The sha256 of production asset internet_identity_production.wasm.gz is 24199ec7f565f1be68c7d52b55591ad92cadf99e70c21168925237461f62ae94.
This release includes the following frontend improvements:
- An improved identity switcher (supports any number of identities, not just the three latest-used ones)
- Possibility to remove legacy passkeys (when it's safe to do so)
- Minimal guided upgrade flag
and the following backend improvements:
- Enforcing that new passkeys cannot have public keys that were already used by other passkeys
- Fixed sharing certified attributes for the Microsoft OpenID scope
What's Changed
- chore: Fix candid encoding for II upgrade args by @aterga in #3641
- feat: Switch from window.opener to BroadcastChannel by @sea-snake in #3642
- fix: OpenID popup blocked in Safari by @sea-snake in #3643
- test: Refactor fixture to allow for multiple identities by @sea-snake in #3644
- chore: Publish internet_identity_frontend.wasm.gz in CI by @aterga in #3646
- test: Refactor manage access e2e tests by @sea-snake in #3645
- Update Passkey AAGUID data by @pr-automation-bot-public[bot] in #3627
- chore: Support
--end <front|back>in PR-to-staging deployment script by @aterga in #3650 - fix: Ensure Microsoft attribute scope is not instantiated with a tenant ID during certification by @aterga in #3649
- Add OISY to direct OpenID flow attributes allowlist by @sea-snake in #3654
- feat: Redesigned identity switcher by @sea-snake in #3652
- feat: Enable removal of legacy passkeys by @sea-snake in #3647
- feat: Add minimal guided upgrade flag (collapsed by default) by @sea-snake in #3653
- feat: Remove for developers button from landing page by @sea-snake in #3656
- feat: Show identity switcher directly on mobile identity manage page by @sea-snake in #3655
- feat: Ensure passkeys cannot have duplicate pubkeys by @aterga in #3626
- chore: Adjust release process after II canister split by @aterga in #3648
Full Changelog: release-2026-02-28...release-2026-03-06
Build flavors
For more information please see the Build flavors section of the README.
Wasm Verification
To build the wasm modules yourself and verify their hashes, run the following commands from the root of the Internet Identity repository:
git pull # to ensure you have the latest changes.
git checkout 6f0ee38e0b6fc04666163aca61877c3f19b02d77
./scripts/verify-hash \
--ii-hash 24199ec7f565f1be68c7d52b55591ad92cadf99e70c21168925237461f62ae94 \
--iife-hash a5d4ee62433c92ae23769a52443675c56cf4eb964a818d5d4c118f73570cc6f7
Make sure to compare the hashes also with the proposal payload when verifying canister upgrade proposals.
Contributors
Assets 10
Internet Identity frontend — original release 2026-03-03
This is Internet Identity release release-2026-03-03 for commit 88870f56a51b3c1ecec2a5a7b592afeaff62fa1f.
The sha256 of production asset internet_identity_production.wasm.gz is fcd80501954b9472f44c78f8647cd96e6c6a3f6d7ca3fedc0d69722e5e10cd18.
What's Changed
- chore: Fix candid encoding for II upgrade args by @aterga in #3641
- feat: Switch from window.opener to BroadcastChannel by @sea-snake in #3642
- fix: OpenID popup blocked in Safari by @sea-snake in #3643
- test: Refactor fixture to allow for multiple identities by @sea-snake in #3644
- chore: Publish internet_identity_frontend.wasm.gz in CI by @aterga in #3646
Full Changelog: release-2026-02-28...release-2026-03-03
Build flavors
For more information please see the Build flavors section of the README.
Wasm Verification
To build the wasm modules yourself and verify their hashes, run the following commands from the root of the Internet Identity repository:
git pull # to ensure you have the latest changes.
git checkout 88870f56a51b3c1ecec2a5a7b592afeaff62fa1f
./scripts/verify-hash --ii-hash fcd80501954b9472f44c78f8647cd96e6c6a3f6d7ca3fedc0d69722e5e10cd18 --iife-hash 95dcd87cb5690f619dd805af818690dbf4d2fb4737c932f27208876808d09afd
Make sure to compare the hashes also with the proposal payload when verifying canister upgrade proposals.
Contributors
Assets 10
release-2026-02-28: Verified email attributes
This is Internet Identity release release-2026-02-28 for commit fde072c30605833f1783ed9f1aa6fd2743a6eafc.
The sha256 of production asset internet_identity_production.wasm.gz is fd4ecb7f579d4b3a90605c2342f105e16730f0bbae182292194ac339ccf0b66a.
This release adds support for verified email attributes that can currently be requested by apps for the Google and Microsoft scopes. For example, verified emails enable differentiating users based on their emails, not just principal IDs.
Additionally, this release prepares for the upcoming II canister split, as the new, stateless internet_identity_frontend canister is ready for reviews. Lastly, the loading screen for the 1-Click sign in flow is redesigned.
What's Changed
- feat: Update implicit OpenID attribute criteria and extend e2e tests. by @sea-snake in #3625
- chore: Split Internet Identity canister frontend by @aterga in #3536
- feat: Reduce install args for
internet_identity_frontendby @aterga in #3628 - chore: Add e2e test for split canister setup by @sea-snake in #3629
- feat: Serve synchronized II config over HTTPS by @aterga in #3632
- feat: Sync backend config with II frontend canister by @aterga in #3634
- feat: Prepare stateless II frontend canister by @aterga in #3635
- Verified email attribute by @sea-snake in #3637
- chore: Avoid hard codeing /.well-known/ic-domains by @aterga in #3638
- feat: Enable new identity attribute
verified_emailby @aterga in #3640 - feat: Redesign direct auth redirect screen by @sea-snake in #3639
Full Changelog: release-2026-02-17...release-2026-02-28
Build flavors
For more information please see the Build flavors section of the README.
Wasm Verification
To build the wasm modules yourself and verify their hashes, run the following commands from the root of the Internet Identity repository:
git pull # to ensure you have the latest changes.
git checkout fde072c30605833f1783ed9f1aa6fd2743a6eafc
./scripts/verify-hash --ii-hash fd4ecb7f579d4b3a90605c2342f105e16730f0bbae182292194ac339ccf0b66a
Make sure to compare the hashes also with the proposal payload when verifying canister upgrade proposals.
Contributors
Assets 9
release-2026-02-17: Improve post message reliability
This is Internet Identity release release-2026-02-17 for commit c14480a6691be839c622a45e8b9f36270e56faa5.
The sha256 of production asset internet_identity_production.wasm.gz is d29b6a07171dbd4f620e181e0117a744f1c87d5b0a75c0d1250de415d1fa3d37.
This release improves the reliability of the PostMessage communication protocol between applications and Internet Identity.
What's Changed
- Manually close transport channel in test app by @sea-snake in #3622
- Update Passkey AAGUID data by @pr-automation-bot-public[bot] in #3614
- Add e2e test for OpenID attributes by @sea-snake in #3623
- Increase postmessage timeout by @sea-snake in #3624
Full Changelog: release-2026-02-16...release-2026-02-17
Build flavors
For more information please see the Build flavors section of the README.
Wasm Verification
To build the wasm modules yourself and verify their hashes, run the following commands from the root of the Internet Identity repository:
git pull # to ensure you have the latest changes.
git checkout c14480a6691be839c622a45e8b9f36270e56faa5
./scripts/verify-hash --ii-hash d29b6a07171dbd4f620e181e0117a744f1c87d5b0a75c0d1250de415d1fa3d37
Make sure to compare the hashes also with the proposal payload when verifying canister upgrade proposals.
Contributors
Assets 9
release-2026-02-16: Fix ICRC-29 heartbeat in Safari
This is Internet Identity release release-2026-02-16 for commit dba38d112a74d88c42faba7720e00d3a4a772992.
The sha256 of production asset internet_identity_production.wasm.gz is f99ceba32fb61f94123f9c18e7115e485c15dfa2194c5d7110b01a3e10de8656.
This release fixes an issue related to ICRC-29 heartbeat not always working correctly in Safari due to energy saving logic specific to that web browser. Additionally, it includes a minor fix for Caffeine logo.
What's Changed
- Fix dark dapp logo in direct OpenID flow by @sea-snake in #3621
- Fix ICRC-29 heartbeat in Safari by @sea-snake in #3620
Full Changelog: release-2026-02-13...release-2026-02-16
Build flavors
For more information please see the Build flavors section of the README.
Wasm Verification
To build the wasm modules yourself and verify their hashes, run the following commands from the root of the Internet Identity repository:
git pull # to ensure you have the latest changes.
git checkout dba38d112a74d88c42faba7720e00d3a4a772992
./scripts/verify-hash --ii-hash f99ceba32fb61f94123f9c18e7115e485c15dfa2194c5d7110b01a3e10de8656
Make sure to compare the hashes also with the proposal payload when verifying canister upgrade proposals.
Contributors
Assets 9
release-2026-02-13: Show upgrade banner for legacy domains
This is Internet Identity release release-2026-02-13 for commit 8973fd482899748e4f0ca5b557159fc5f7440b98.
The sha256 of production asset internet_identity_production.wasm.gz is 76f9d70cdd3e6c9e58511e53952946d2e6af04441ac59321aa65726b190022b2.
This release fixes the upgrade banner for legacy domains, making sure it's shown when dapps are integrating with a legacy domain. Additionally e2e tests have been added to cover the legacy domains, a new Plausible funnel was added for the direct OpenID authentication flow and the page view logic has been fixed to get a more accurate bounce rate.
What's Changed
- Add e2e tests for legacy domain redirects and enable upgrade banner for legacy domains by @sea-snake in #3617
- Add direct OpenID funnel by @aterga in #3618
- Fix bounce rate from redirect and callback flows by @sea-snake in #3619
Full Changelog: release-2026-02-10...release-2026-02-13
Build flavors
For more information please see the Build flavors section of the README.
Wasm Verification
To build the wasm modules yourself and verify their hashes, run the following commands from the root of the Internet Identity repository:
git pull # to ensure you have the latest changes.
git checkout 8973fd482899748e4f0ca5b557159fc5f7440b98
./scripts/verify-hash --ii-hash 76f9d70cdd3e6c9e58511e53952946d2e6af04441ac59321aa65726b190022b2
Make sure to compare the hashes also with the proposal payload when verifying canister upgrade proposals.
Contributors
Assets 9
release-2026-02-10: Certified OpenID attributes (pilot feature)
This is Internet Identity release release-2026-02-10 for commit e1369f5b896540ed47b6e841ae9ac40c3a968716.
The sha256 of production asset internet_identity_production.wasm.gz is e32532501b36e1a8cc850e3d6cfbe64627b137c6023351be7759fbf33493a31b.
This release prepares id.ai for handing certified OpenID attributes. Since the design around this feature may still evolve in the coming weeks, this release enables it as a pilot and only for the Caffeine app.
Additionally, the protocol used by apps to communicate with Internet Identity has been refactored and cleaned up.
What's Changed
- Rewrite communication transport implementation, split it from authorization by @sea-snake in #3612
- Implement certified attributes request handler. by @sea-snake in #3615
- Updated legacy redirect flow by @sea-snake in #3616
Full Changelog: release-2026-02-06...release-2026-02-10
Build flavors
For more information please see the Build flavors section of the README.
Wasm Verification
To build the wasm modules yourself and verify their hashes, run the following commands from the root of the Internet Identity repository:
git pull # to ensure you have the latest changes.
git checkout e1369f5b896540ed47b6e841ae9ac40c3a968716
./scripts/verify-hash --ii-hash e32532501b36e1a8cc850e3d6cfbe64627b137c6023351be7759fbf33493a31b
Make sure to compare the hashes also with the proposal payload when verifying canister upgrade proposals.