Skip to content

docs(internet-identity): use mo:identity-attributes for the Motoko attribute flow#206

Merged
raymondk merged 8 commits into
mainfrom
docs/ii-attributes-motoko-library
Jun 4, 2026
Merged

docs(internet-identity): use mo:identity-attributes for the Motoko attribute flow#206
raymondk merged 8 commits into
mainfrom
docs/ii-attributes-motoko-library

Conversation

@sea-snake
Copy link
Copy Markdown
Contributor

@sea-snake sea-snake commented Jun 3, 2026

Summary

Updates the internet-identity skill's identity-attributes guidance to use the mo:identity-attributes mixin on the Motoko side, and reframes the frontend + Rust backend around the library's two-method protocol (_internet_identity_sign_in_start / _internet_identity_sign_in_finish) so a single frontend works against either backend.

Changes

  • Prerequisites / compatibility: mo:identity-attributes >= 0.4.0 (pulls mo:core >= 2.5.0; needs moc >= 1.6.0 for include).
  • Frontend (AuthClient): nonce, sign-in, and requestAttributes run in parallel (nonce passed as a promise); requests name + verified_email; checks the { ok }/{ err } result from _internet_identity_sign_in_finish.
  • Motoko backend: include IdentityAttributes({ onVerified }) replaces the hand-rolled ICRC-3 decode + lookup helpers.
  • Rust backend: implements the same two methods by hand (manual ICRC-3 decode, explicit signer/origin/nonce/freshness checks), explicitly mirroring what the library does internally — there is no Rust library yet.
  • Env vars: the Motoko path now documents frontend_origins (+ optional trusted_sso_domains) alongside trusted_attribute_signers.
  • Pitfalls Fix round 7: canister_self, StableCell<Principal>, evm-rpc import path #9/Rewrite https-outcalls Rust for ic-cdk 0.18 API #10 updated to reference the library and the protocol method names.
  • Evals: updated the admin-allowlist case (Motoko now via the mixin) and added a new case for the Motoko mixin pattern.

Verification

  • node scripts/check-project.js passes (metadata + eval schema).
  • The repo's skill-validator check could not run in the sandbox: the npm name skill-validator resolves to an unrelated package with no check subcommand. CI runs the real agent-ecosystem/skill-validator. Code-fence balance and frontmatter were verified manually.
  • Output-eval suite not re-run (recommended-not-required for improvements; needs the claude CLI per case).

@sea-snake @claude
docs(internet-identity): use mo:identity-attributes for the Motoko at…
dd67c8b 
…tribute flow

Switch the Internet Identity attribute-verification guidance to the
mo:identity-attributes mixin on the Motoko side, and reframe the frontend and
Rust backend around the library's two-method protocol
(_internet_identity_sign_in_start / _internet_identity_sign_in_finish) so a
single frontend works against either backend.

- Prerequisites/compatibility: mo:identity-attributes >= 0.4, moc >= 1.6.0.
- Frontend: parallel nonce-as-promise + sign-in + attributes; request
  name/verified_email; check the ok/err result.
- Motoko backend: include IdentityAttributes({ onVerified }).
- Rust backend: hand-implements the same two methods (manual ICRC-3 decode,
  signer/origin/nonce/freshness checks), mirroring the library.
- Pitfalls #9/#10 and the admin-allowlist eval updated; new eval for the
  Motoko mixin.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@sea-snake sea-snake requested review from a team and JoshDFN as code owners June 3, 2026 15:45
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jun 3, 2026
edited
Loading

Skill Validation Report

Validating skill: /home/runner/work/icskills/icskills/skills/internet-identity

Structure

  • Pass: SKILL.md found

Frontmatter

  • Pass: name: "internet-identity" (valid)
  • Pass: description: (325 chars)
  • Pass: license: "Apache-2.0"
  • Pass: compatibility: (45 chars)
  • Pass: metadata: (2 entries)

Tokens

  • Warning: SKILL.md body is 6666 tokens (spec recommends < 5000)

Markdown

  • Pass: no unclosed code fences found

Tokens

File Tokens
SKILL.md body 6,666
Total 6,666

Content Analysis

Metric Value
Word count 3,537
Code block ratio 0.35
Imperative ratio 0.07
Information density 0.21
Instruction specificity 0.94
Sections 14
List items 37
Code blocks 8

Contamination Analysis

Metric Value
Contamination level low
Contamination score 0.14
Primary language category config
Scope breadth 3
  • Warning: Language mismatch: javascript, systems (2 categories differ from primary)

Result: 1 warning

Project Checks


✓ Project checks passed for 1 skills (0 warnings)

sea-snake and others added 7 commits June 3, 2026 18:10
@sea-snake @claude
docs(internet-identity): drop redundant anonymous-caller check from t…
933db18 
…he Rust example

verified_attributes already rejects callers without a trusted II bundle, so the inline anonymous check duplicated the Backend: Access Control guidance. Mirrors the mo:identity-attributes mixin, which has no separate check.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@sea-snake @claude
docs(internet-identity): describe the nonce as single-use, not action…
322261c 
…-scoped

With the fixed _internet_identity_sign_in_start/finish methods the nonce binds one sign-in handshake; it is not tied to a named action or user. Reword the replay-protection notes accordingly.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@sea-snake @claude
docs(internet-identity): drop compiler-internals comment from the Mot…
d54551a 
…oko example

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@sea-snake @claude
docs(internet-identity): trim incidental implementation asides from t…
8d32bc6 
…he attribute examples

Drop the nonce-keying rationale, the raw_rand location comment (the call is right there), and verbose upgrade/heap wording. Keep only purposeful comments.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@sea-snake @claude
docs(internet-identity): remove the no-anonymous-check comment from t…
ff0d1c3 
…he Rust example

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@sea-snake @claude
docs(internet-identity): fold the nonce-storage note into the Rust su…
71451e4 
…bsection

Nonce storage is a Rust-only concern (the mo:identity-attributes library handles it), so drop the standalone heading and keep a trimmed note at the end of the Rust example.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@sea-snake @claude
docs(internet-identity): match the library README (profiles.add/get) …
85acec1 
…and drop the nonce-storage note

Use the method-call form from the mo:identity-attributes README instead of Map.add/Map.get, and remove the storing-the-nonce note.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@raymondk raymondk merged commit bd5c189 into main Jun 4, 2026
6 checks passed
@raymondk raymondk deleted the docs/ii-attributes-motoko-library branch June 4, 2026 18:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@raymondk raymondk raymondk approved these changes

@JoshDFN JoshDFN Awaiting requested review from JoshDFN JoshDFN is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sea-snake @raymondk