docs(internet-identity): use mo:identity-attributes for the Motoko attribute flow#206
Merged
Merged
Conversation
…tribute flow
Switch the Internet Identity attribute-verification guidance to the
mo:identity-attributes mixin on the Motoko side, and reframe the frontend and
Rust backend around the library's two-method protocol
(_internet_identity_sign_in_start / _internet_identity_sign_in_finish) so a
single frontend works against either backend.
- Prerequisites/compatibility: mo:identity-attributes >= 0.4, moc >= 1.6.0.
- Frontend: parallel nonce-as-promise + sign-in + attributes; request
name/verified_email; check the ok/err result.
- Motoko backend: include IdentityAttributes({ onVerified }).
- Rust backend: hand-implements the same two methods (manual ICRC-3 decode,
signer/origin/nonce/freshness checks), mirroring the library.
- Pitfalls #9/#10 and the admin-allowlist eval updated; new eval for the
Motoko mixin.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Skill Validation ReportValidating skill: /home/runner/work/icskills/icskills/skills/internet-identityStructure
Frontmatter
Tokens
Markdown
Tokens
Content Analysis
Contamination Analysis
Result: 1 warning Project Checks |
…he Rust example verified_attributes already rejects callers without a trusted II bundle, so the inline anonymous check duplicated the Backend: Access Control guidance. Mirrors the mo:identity-attributes mixin, which has no separate check. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
…-scoped With the fixed _internet_identity_sign_in_start/finish methods the nonce binds one sign-in handshake; it is not tied to a named action or user. Reword the replay-protection notes accordingly. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
…oko example Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
…he attribute examples Drop the nonce-keying rationale, the raw_rand location comment (the call is right there), and verbose upgrade/heap wording. Keep only purposeful comments. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
…he Rust example Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
…bsection Nonce storage is a Rust-only concern (the mo:identity-attributes library handles it), so drop the standalone heading and keep a trimmed note at the end of the Rust example. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
…and drop the nonce-storage note Use the method-call form from the mo:identity-attributes README instead of Map.add/Map.get, and remove the storing-the-nonce note. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
raymondk
approved these changes
Jun 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Updates the
internet-identityskill's identity-attributes guidance to use themo:identity-attributesmixin on the Motoko side, and reframes the frontend + Rust backend around the library's two-method protocol (_internet_identity_sign_in_start/_internet_identity_sign_in_finish) so a single frontend works against either backend.Changes
compatibility:mo:identity-attributes>= 0.4.0 (pullsmo:core>= 2.5.0; needsmoc>= 1.6.0 forinclude).requestAttributesrun in parallel (nonce passed as a promise); requestsname+verified_email; checks the{ ok }/{ err }result from_internet_identity_sign_in_finish.include IdentityAttributes({ onVerified })replaces the hand-rolled ICRC-3 decode + lookup helpers.frontend_origins(+ optionaltrusted_sso_domains) alongsidetrusted_attribute_signers.Verification
node scripts/check-project.jspasses (metadata + eval schema).skill-validator checkcould not run in the sandbox: the npm nameskill-validatorresolves to an unrelated package with nochecksubcommand. CI runs the realagent-ecosystem/skill-validator. Code-fence balance and frontmatter were verified manually.claudeCLI per case).