feat(be): add implicit:origin and implicit:issued_at_timestamp_ns to ICRC-3 message (dfinity#3730)

## Summary
- Add two new implicit attributes to the ICRC-3 certified message map
produced by `prepare_icrc3_attributes`:
- `implicit:origin` — the origin of the relying party app (UTF-8 blob),
enabling verifiers to confirm which app the attributes were issued for
- `implicit:issued_at_timestamp_ns` — the canister time at the moment of
issuance as a UTF-8 decimal string of nanoseconds since Unix epoch,
enabling verifiers to check freshness
- These join the existing `implicit:nonce` field, bringing the total
implicit fields to three
- The timestamp is passed as a parameter to
`Anchor::prepare_icrc3_attributes` (sourced from `ic_cdk::api::time()`
in the handler) to keep the method testable

## Test plan
- [x] Unit tests pass (4 prepare_icrc3 error path tests updated with new
parameters)
- [x] Integration test
`should_certify_icrc3_attributes_mixed_omit_scope` updated to assert on
all 5 map entries (email, name, nonce, origin, timestamp) and verify the
signature
- [x] `cargo check --tests` passes

< [Previous PR](dfinity#3730)
|

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>

Author: 3 people

src/internet_identity/src/attributes.rs

@@ -261,6 +261,8 @@ impl Anchor {
         &self,
         attribute_specs: Vec<ValidatedAttributeSpec>,
         nonce: Vec<u8>,
+        origin: String,
+        issued_at_timestamp_ns: u64,
         account: Account,
     ) -> Result<Vec<u8>, PrepareIcrc3AttributeError> {
         let mut certified_pairs = BTreeMap::new();
@@ -339,6 +341,11 @@ impl Anchor {
         }
 
         certified_pairs.insert("implicit:nonce".to_string(), nonce);
+        certified_pairs.insert("implicit:origin".to_string(), origin.into_bytes());
+        certified_pairs.insert(
+            "implicit:issued_at_timestamp_ns".to_string(),
+            issued_at_timestamp_ns.to_string().into_bytes(),
+        );
 
         let message = icrc3_attribute_message(&certified_pairs);
 
@@ -1611,6 +1618,8 @@ mod tests {
                     google_spec(AttributeName::Name, Some(b"Wrong Name"), false),        // wrong
                 ],
                 vec![0u8; 32],
+                "https://dapp.com".to_string(),
+                1_000_000_000,
                 account,
             );
 
@@ -1646,6 +1655,8 @@ mod tests {
                     omit_scope: false,
                 }],
                 vec![0u8; 32],
+                "https://dapp.com".to_string(),
+                1_000_000_000,
                 account,
             );
 
@@ -1677,6 +1688,8 @@ mod tests {
                     omit_scope: false,
                 }],
                 vec![0u8; 32],
+                "https://dapp.com".to_string(),
+                1_000_000_000,
                 account,
             );
 
@@ -1705,6 +1718,8 @@ mod tests {
                     google_spec(AttributeName::Email, None, true),
                 ],
                 vec![0u8; 32],
+                "https://dapp.com".to_string(),
+                1_000_000_000,
                 account,
             );
 

src/internet_identity/src/main.rs

@@ -1345,12 +1345,20 @@ mod attribute_sharing {
                 PrepareIcrc3AttributeError::AuthorizationError(principal)
             })?;
 
-        let account = get_account_for_origin(anchor.anchor_number(), origin, account_number)
-            .map_err(PrepareIcrc3AttributeError::GetAccountError)?;
+        let account =
+            get_account_for_origin(anchor.anchor_number(), origin.clone(), account_number)
+                .map_err(PrepareIcrc3AttributeError::GetAccountError)?;
 
         state::ensure_salt_set().await;
 
-        let message = anchor.prepare_icrc3_attributes(attributes, nonce, account)?;
+        let issued_at_timestamp_ns = ic_cdk::api::time();
+        let message = anchor.prepare_icrc3_attributes(
+            attributes,
+            nonce,
+            origin,
+            issued_at_timestamp_ns,
+            account,
+        )?;
 
         Ok(PrepareIcrc3AttributeResponse { message })
     }

src/internet_identity/tests/integration/attributes.rs

@@ -658,17 +658,21 @@ fn should_certify_icrc3_attributes_mixed_omit_scope() {
         nonce: nonce.clone(),
     };
 
+    let time_before = env.get_time().as_nanos_since_unix_epoch();
+
     let prepare_response =
         api::prepare_icrc3_attributes(&env, canister_id, principal, prepare_request)
             .expect("failed to call prepare_icrc3_attributes")
             .expect("prepare_icrc3_attributes error");
 
+    let time_after = env.get_time().as_nanos_since_unix_epoch();
+
     let icrc3_value: Icrc3Value = candid::Decode!(&prepare_response.message, Icrc3Value)
         .expect("failed to decode ICRC-3 value");
 
     match &icrc3_value {
         Icrc3Value::Map(entries) => {
-            assert_eq!(entries.len(), 3);
+            assert_eq!(entries.len(), 5);
             let keys: Vec<&str> = entries.iter().map(|(k, _)| k.as_str()).collect();
             // email should have scope omitted
             assert!(
@@ -692,6 +696,37 @@ fn should_certify_icrc3_attributes_mixed_omit_scope() {
                 Icrc3Value::Blob(nonce.clone()),
                 "Nonce value in certified message does not match the provided nonce"
             );
+            // origin should be included
+            let origin_entry = entries
+                .iter()
+                .find(|(k, _)| k == "implicit:origin")
+                .expect("Expected 'implicit:origin' key in message map");
+            assert_eq!(
+                origin_entry.1,
+                Icrc3Value::Blob(origin.as_bytes().to_vec()),
+                "Origin value does not match"
+            );
+            // issued_at_timestamp_ns should fall within the time window of the call
+            let timestamp_entry = entries
+                .iter()
+                .find(|(k, _)| k == "implicit:issued_at_timestamp_ns")
+                .expect("Expected 'implicit:issued_at_timestamp_ns' key in message map");
+            match &timestamp_entry.1 {
+                Icrc3Value::Blob(bytes) => {
+                    let ts: u64 = std::str::from_utf8(bytes)
+                        .expect("timestamp should be valid UTF-8")
+                        .parse()
+                        .expect("timestamp should be a valid u64");
+                    assert!(
+                        ts >= time_before && ts <= time_after,
+                        "Timestamp {} should be between {} and {}",
+                        ts,
+                        time_before,
+                        time_after
+                    );
+                }
+                other => panic!("Expected Blob for timestamp, got {:?}", other),
+            }
         }
         other => panic!("Expected Map, got {:?}", other),
     }