dfinity · sea-snake · Nov 4, 2025 · Nov 4, 2025
@@ -56,7 +56,6 @@ export class AuthFlow {
     solve: (solution: string) => void;
   }>();
   #systemOverlay = $state(false);
-  #confirmationCode = $state<string>();
   #name = $state<string>();
   #jwt = $state<string>();
   #configIssuer = $state<string>();
@@ -73,10 +72,6 @@ export class AuthFlow {
     return this.#systemOverlay;
   }
 
-  get confirmationCode() {
-    return this.#confirmationCode;
-  }
-
   constructor(options?: AuthFlowOptions) {
     this.#options = {
       trackLastUsed: true,
@@ -104,14 +99,15 @@ export class AuthFlow {
         canisterId,
         session: get(sessionStore),
       });
-    await authenticationStore.set({ identity, identityNumber });
+    const authMethod = { passkey: { credentialId } };
+    await authenticationStore.set({ identity, identityNumber, authMethod });
     const info =
       await get(authenticatedStore).actor.get_anchor_info(identityNumber);
     if (this.#options.trackLastUsed) {
       lastUsedIdentitiesStore.addLastUsedIdentity({
         identityNumber,
         name: info.name[0],
-        authMethod: { passkey: { credentialId } },
+        authMethod,
         createdAtMillis: info.created_at.map(nanosToMillis)[0],
       });
     }
@@ -200,7 +196,11 @@ export class AuthFlow {
       // If the call fails, it means the OpenID user does not exist in II.
       // In that case, we register them.
       authenticationV2Funnel.trigger(AuthenticationV2Events.LoginWithOpenID);
-      await authenticationStore.set({ identity, identityNumber });
+      await authenticationStore.set({
+        identity,
+        identityNumber,
+        authMethod: { openid: { iss, sub } },
+      });
       const info =
         await get(authenticatedStore).actor.get_anchor_info(identityNumber);
       const authnMethod = info.openid_credentials[0]?.find(
@@ -310,7 +310,11 @@ export class AuthFlow {
       const identity = await authenticateWithSession({
         session: get(sessionStore),
       });
-      await authenticationStore.set({ identity, identityNumber });
+      await authenticationStore.set({
+        identity,
+        identityNumber,
+        authMethod: { passkey: { credentialId } },
+      });
       if (this.#options.trackLastUsed) {
         lastUsedIdentitiesStore.addLastUsedIdentity({
           identityNumber,
@@ -403,7 +407,11 @@ export class AuthFlow {
       authenticationV2Funnel.trigger(
         AuthenticationV2Events.SuccessfulOpenIDRegistration,
       );
-      await authenticationStore.set({ identity, identityNumber });
+      await authenticationStore.set({
+        identity,
+        identityNumber,
+        authMethod: { openid: { iss, sub } },
+      });
       const metadata: MetadataMapV2 = [];
       if (nonNullish(jwtName)) {
         metadata.push(["name", { String: jwtName }]);

@@ -8,7 +8,7 @@ import {
   lastUsedIdentitiesStore,
   type LastUsedIdentity,
 } from "$lib/stores/last-used-identities.store";
-import { findConfig, requestJWT } from "$lib/utils/openID";
+import { decodeJWT, findConfig, requestJWT } from "$lib/utils/openID";
 import { get } from "svelte/store";
 import { sessionStore } from "$lib/stores/session.store";
 import { isNullish } from "@dfinity/utils";
@@ -40,12 +40,17 @@ export class AuthLastUsedFlow {
         const credentialIds = (await this.#identityCredentials.get(
           lastUsedIdentity.identityNumber,
         )) ?? [lastUsedIdentity.authMethod.passkey.credentialId];
-        const { identity, identityNumber } = await authenticateWithPasskey({
-          canisterId,
-          session: get(sessionStore),
-          credentialIds,
+        const { identity, identityNumber, credentialId } =
+          await authenticateWithPasskey({
+            canisterId,
+            session: get(sessionStore),
+            credentialIds,
+          });
+        await authenticationStore.set({
+          identity,
+          identityNumber,
+          authMethod: { passkey: { credentialId } },
         });
-        await authenticationStore.set({ identity, identityNumber });
         lastUsedIdentitiesStore.addLastUsedIdentity(lastUsedIdentity);
         authenticationV2Funnel.trigger(
           AuthenticationV2Events.ContinueAsPasskey,
@@ -74,13 +79,18 @@ export class AuthLastUsedFlow {
           mediation: "optional",
           loginHint: lastUsedIdentity.authMethod.openid.loginHint,
         });
+        const { iss, sub } = decodeJWT(jwt);
         this.systemOverlay = false;
         const { identity, identityNumber } = await authenticateWithJWT({
           canisterId,
           session: get(sessionStore),
           jwt,
         });
-        await authenticationStore.set({ identity, identityNumber });
+        await authenticationStore.set({
+          identity,
+          identityNumber,
+          authMethod: { openid: { iss, sub } },
+        });
         lastUsedIdentitiesStore.addLastUsedIdentity(lastUsedIdentity);
         authenticationV2Funnel.addProperties({
           provider: config.name,

@@ -244,6 +244,10 @@ export class MigrationFlow {
       await authenticationStore.set({
         identity,
         identityNumber,
+        // Credential ID is currently missing, so we assign a dummy value.
+        // This placeholder will be replaced with the newly created passkey
+        // anyway once the user has completed the whole migration process.
+        authMethod: { passkey: { credentialId: new Uint8Array() } },
       });
       upgradeIdentityFunnel.trigger(
         UpgradeIdentityEvents.AuthenticationSuccessful,

@@ -125,18 +125,20 @@ export class RegisterAccessMethodFlow {
       ])
       .then(throwCanisterError);
     const identity = await authenticateWithSession({ session });
+    const authMethod = {
+      passkey: {
+        credentialId: new Uint8Array(credentialId),
+      },
+    };
     await authenticationStore.set({
       identity,
       identityNumber: this.#identityNumber,
+      authMethod,
     });
     lastUsedIdentitiesStore.addLastUsedIdentity({
       identityNumber: this.#identityNumber,
       name,
-      authMethod: {
-        passkey: {
-          credentialId: new Uint8Array(credentialId),
-        },
-      },
+      authMethod,
       createdAtMillis: this.#createdAtMillis,
     });
     return this.#identityNumber;

@@ -19,6 +19,9 @@ export interface Authenticated {
   identity: DelegationIdentity;
   agent: HttpAgent;
   actor: ActorSubclass<_SERVICE>;
+  authMethod:
+    | { passkey: { credentialId: Uint8Array } }
+    | { openid: { iss: string; sub: string } };
 }
 
 type AuthenticationStore = Readable<Authenticated | undefined> & {