Add and remove OpenID credentials from anchor #2810
Conversation
…ent methods to add/remove OpenID credential.
- Lookup anchor number by OpenID credential in stable structures. - Anchor management methods to add/remove OpenID credentials
…ve-from-anchor' into sea-snake/openid-google-add-remove-from-anchor
|
@sea-snake after sleeping over this new memory, I can't find a reason not to move forward. Looks good to me! Let me know when the PR is ready for the final review. |
…ve-from-anchor' into sea-snake/openid-google-add-remove-from-anchor
| pub fn update_openid_credential( | ||
| anchor: &mut Anchor, | ||
| openid_credential: OpenIdCredential, | ||
| ) -> Result<(), AnchorError> { |
There was a problem hiding this comment.
There is probably a good reason and might be related to how it's going to be used later, but I just wanted to point out that the update here is seemingly inconsistent with add/remove in terms of return type, and also different from add/remove/update for devices.
There was a problem hiding this comment.
Yeah that's intentional, compared to updating a device, updating a credential doesn't result in any operation that needs to be stored in the archive canister. This is because a device its metadata can change after user action e.g. alias change while an OpenID credential will be updated on every JWT verification (to keep latest claims from OpenID provider stored).
Additionally, I intentionally only keep track of the issuer in operations for the archive canister, anything beyond that would likely impact a user's privacy. This data is enough to keep track of adoption of a given OpenId without knowing details beyond that.
…ve-from-anchor' into sea-snake/openid-google-add-remove-from-anchor
…ve-from-anchor' into sea-snake/openid-google-add-remove-from-anchor
| @@ -5,7 +5,7 @@ | |||
| "candid": "src/internet_identity/internet_identity.did", | |||
| "wasm": "internet_identity.wasm.gz", | |||
| "build": "bash -c 'II_DEV_CSP=1 II_FETCH_ROOT_KEY=1 II_DUMMY_CAPTCHA=${II_DUMMY_CAPTCHA:-1} scripts/build'", | |||
| "init_arg": "(opt record { captcha_config = opt record { max_unsolved_captchas= 50:nat64; captcha_trigger = variant {Static = variant {CaptchaDisabled}}}})", | |||
| "init_arg": "(opt record { captcha_config = opt record { max_unsolved_captchas= 50:nat64; captcha_trigger = variant {Static = variant {CaptchaDisabled}}}; openid_google = opt opt record { client_id = \"45431994619-cbbfgtn7o0pp0dpfcg2l66bc4rcg7qbu.apps.googleusercontent.com\" }})", | |||
There was a problem hiding this comment.
Is this our dev environment? Did you check with IT about the prod one?
There was a problem hiding this comment.
It's a dev environment I created, only works internally within DFINITY. This should be removed at a later point and replaced with instructions on creating a client id and configuring it with II.
Haven't gotten around to ask IT about the prod one yet, we'll need to also ask them to create others for our other environments.
…ve-from-anchor' into sea-snake/openid-google-add-remove-from-anchor
Changes
Tests
Added additional anchor tests:
Added additional storage test:
🟡 Some screens were changed