Skip to content

feat(fe): ICRC-3 attribute consent UI with store-driven rendering#3790

Open
sea-snake wants to merge 2 commits intosea-snake/unified-authorize-routefrom
sea-snake/attribute-consent-ui
Open

feat(fe): ICRC-3 attribute consent UI with store-driven rendering#3790
sea-snake wants to merge 2 commits intosea-snake/unified-authorize-routefrom
sea-snake/attribute-consent-ui

Conversation

@sea-snake
Copy link
Copy Markdown
Contributor

@sea-snake sea-snake commented Apr 20, 2026

When a dapp requests ICRC-3 attributes, users previously had no way to review or choose which attributes to share — everything was handled via implicit consent. This PR adds a consent UI that lets users review requested attributes, pick from available options (e.g., which provider's email to share), and deny sharing entirely.

Changes

  • Attribute consent store. Context (as a promise) and consent result, following the same pattern as the authorization store. The handler sets the context promise immediately so the UI can show a loading skeleton while attributes resolve.
  • AttributeConsentView. Renders after authorization when consent is needed. Shows attribute groups with checkboxes, a "Deny All" option, and a "Continue" button. Merges email/verified_email into a single "Email" picker — prefers the intersection of verified + plain emails, falls back to plain if no verified emails exist.
  • AttributePicker. Inline expandable dropdown for attributes with multiple options (e.g., email from different providers). Shows the selected provider's logo + value, with a "Change" button that expands the option list.
  • Implicit consent detection. Scoped OpenID attributes (name, email, verified_email) matching the user's provider are auto-consented without showing the UI. Uses pendingOpenIdIssuerStore set early in the OpenID resume flow for synchronous detection.
  • Skeleton CSS utility. Reusable .skeleton class with shimmer animation using color-mix for theme-adaptive appearance.
  • Promise-based context. The consent view {#await}s the context promise — shows skeleton while resolving, then the real content.
  • Accessible markup. <fieldset>, role="listbox"/role="option", aria-expanded, aria-selected, aria-busy on loading state.
← Previous: #3781

@sea-snake sea-snake requested a review from a team as a code owner April 20, 2026 10:36
@sea-snake sea-snake mentioned this pull request Apr 20, 2026
Open
@sea-snake sea-snake force-pushed the sea-snake/unified-authorize-route branch 2 times, most recently from 62de7bb to 0d7f581 Compare April 20, 2026 15:31
@sea-snake sea-snake force-pushed the sea-snake/attribute-consent-ui branch from 30c0b45 to 1d20f5a Compare April 20, 2026 15:35
@sea-snake sea-snake force-pushed the sea-snake/unified-authorize-route branch from 0d7f581 to 7d43bc7 Compare April 20, 2026 16:16
@sea-snake
feat(fe): ICRC-3 attribute consent UI
79ce074 
Add a consent view that lets users review and choose which attributes
to share before they are certified. The handler resolves available
attributes via list_available_attributes, then the UI presents them
with checkboxes and an optional provider picker for unscoped keys.

- Attribute consent store (context as promise + consent result)
- AttributeConsentView with skeleton loading and merged email/verified_email
- AttributePicker with inline expandable dropdown
- Implicit consent detection via pendingOpenIdIssuerStore
- Skeleton CSS utility class
- Accessible markup (fieldset, listbox, aria attributes)
@sea-snake
fix(fe): filter implicit keys via list_available_attributes before pr…
fedbaf5 
…epare
@sea-snake sea-snake force-pushed the sea-snake/attribute-consent-ui branch from 238df1c to fedbaf5 Compare April 20, 2026 16:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sea-snake