feat(fe): handle ICRC-3 attribute requests in default authorize flow#3791
Merged
feat(fe): handle ICRC-3 attribute requests in default authorize flow#3791
Conversation
This was referenced Apr 20, 2026
sea-snake
force-pushed
the
sea-snake/icrc3-text-types
branch
from
0a5cf6d to
151d340
Compare
sea-snake
force-pushed
the
sea-snake/icrc3-default-flow
branch
from
1297a30 to
8d7cdb2
Compare
aterga
approved these changes
Apr 20, 2026
- Attribute values (email, name, verified_email): Blob → Text - implicit:origin: Blob → Text - implicit:issued_at_timestamp_ns: Blob (string bytes) → Nat - implicit:nonce: stays Blob (raw 32 bytes)
Reverts the silent omission behavior back to returning errors for unavailable, unscoped, mismatched, and duplicate attributes. Now that the frontend resolves attributes via list_available_attributes before calling prepare, errors should surface so bugs are caught.
sea-snake
force-pushed
the
sea-snake/icrc3-text-types
branch
from
151d340 to
f46f40f
Compare
Listen for ii-icrc3-attributes requests in the normal (non-OpenID) authorize flow. Responds with empty attributes (only implicit entries like nonce, origin, timestamp) since the user didn't authenticate via OpenID and has no attribute values to certify.
sea-snake
force-pushed
the
sea-snake/icrc3-default-flow
branch
from
8d7cdb2 to
f7fc345
Compare
aterga
pushed a commit
to timothyaterton/internet-identity
that referenced
this pull request
Apr 21, 2026
…te values (dfinity#3770) Certified attribute values were encoded as raw bytes (`Blob`) regardless of their semantic type. This changes the ICRC-3 attribute message to use the correct types: `Text` for string values (email, name), `Blob` for binary data (nonce), and `Nat` for timestamps. # Changes - `prepare_icrc3_attributes` now produces `Icrc3Value::Text` for attribute values, `Icrc3Value::Blob` for nonce, and `Icrc3Value::Nat` for timestamps instead of encoding everything as `Blob`. - `icrc3_attribute_message` accepts `BTreeMap<String, Icrc3Value>` instead of `BTreeMap<String, Vec<u8>>`. - E2e tests updated to verify correct ICRC-3 Value types in the decoded attribute map. --- <div align="left">← Previous: dfinity#3768</div> <div align="right">Next: dfinity#3791 →</div> --------- Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
pull Bot
pushed a commit
to mikeyhodl/internet-identity
that referenced
this pull request
Apr 22, 2026
…architecture (dfinity#3777) The authorize flow previously had request handling intertwined with UI components — handlers would trigger UI changes directly, and UI components would drive handler logic. This made the flow hard to follow and brittle to change. This PR introduces a clean separation: **handlers ← stores → UI**. Channel handlers write to stores and observe stores (via `waitForStore`). The UI reads stores to decide what to render, and writes to stores when the user takes action. Neither side knows about the other. # Changes - **Extract channel handlers into dedicated files.** `channelHandlers/icrc25.ts` (standards, permissions), `channelHandlers/delegation.ts` (ICRC-34), and `channelHandlers/attributes.ts` (legacy + ICRC-3 attributes) — each self-contained with their own imports. - **Split authorization store into context and outcome.** `authorizationStore` holds the request context (`effectiveOrigin`), `authorizedStore` holds the outcome (`accountNumber`). Handlers `waitForStore(authorizedStore)` instead of polling a combined state. - **Add `waitForStore` utility.** Generic helper that resolves when a Svelte store value satisfies a condition — eliminates repeated subscribe/unsubscribe boilerplate across handlers. - **Gate attribute handlers on dapp opt-in.** Attributes are only served to known dapps with `certifiedAttributes: true`, or in dev environments (`fetch_root_key`). Unknown origins get an error response. - **Channel error component.** Extracted `ChannelError.svelte` with per-error-type messages, shared across channel, pending-channel, and resuming-channel layouts. - **Fix pending/resuming channel layout guards.** Pending-channel now renders errors. Resuming-channel waits for channel establishment before rendering children, shows errors when appropriate. - **Remove `AuthorizationChannel.svelte`.** Layouts call `channelStore.establish()` directly and gate rendering on store state. --- <div align="left">← Previous: dfinity#3791</div> <div align="right">Next: dfinity#3781 →</div>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The ICRC-3 attribute handler previously only existed in the OpenID resume flow. Dapps using the default (non-OpenID) authorize flow that request
ii-icrc3-attributeswould get no response.This adds an ICRC-3 attributes listener to the default authorize flow's
AuthorizationChannel. Since the user didn't authenticate via OpenID, there are no attribute values to certify — the handler responds with only the implicit entries (nonce, origin, timestamp) by callingprepare_icrc3_attributeswith an empty attributes list.Changes
handleIcrc3AttributeRequeststoAuthorizationChannel.sveltethat listens forii-icrc3-attributes, waits for authorization + authentication, then certifies an empty attribute set.