From b2a795b28611f586a8bc6f4f3fee5e201295e845 Mon Sep 17 00:00:00 2001 From: "pr-automation-bot-public[bot]" Date: Tue, 14 Jul 2026 09:38:30 +0000 Subject: [PATCH] chore: sync II spec to dfinity/internet-identity release-2026-07-14 --- .sources/VERSIONS | 2 +- .sources/internetidentity | 2 +- public/references/internet-identity.did | 61 +++++++++++++++++++++++++ 3 files changed, 63 insertions(+), 2 deletions(-) diff --git a/.sources/VERSIONS b/.sources/VERSIONS index 4fb0717..2612621 100644 --- a/.sources/VERSIONS +++ b/.sources/VERSIONS @@ -62,4 +62,4 @@ motoko-core v2.4.0 cdk-rs ic-cdk v0.20.1 / ic-cdk-timers v1.0.0 / ic-cdk-executor v2.0.0 317f55c candid 2025-12-18 # candid v0.10.20, didc v0.5.4 2e4a2cf response-verification v3.1.0 18c5a37 -internetidentity release-2026-07-06 37670ecf +internetidentity release-2026-07-14 a00b4a11 diff --git a/.sources/internetidentity b/.sources/internetidentity index 37670ec..a00b4a1 160000 --- a/.sources/internetidentity +++ b/.sources/internetidentity @@ -1 +1 @@ -Subproject commit 37670ecf4ac0600a9ff596ebc8a5e885e31249cd +Subproject commit a00b4a11206b9b008894332537c4fba342804d54 diff --git a/public/references/internet-identity.did b/public/references/internet-identity.did index 5574be5..2fbfd9b 100644 --- a/public/references/internet-identity.did +++ b/public/references/internet-identity.did @@ -1131,6 +1131,25 @@ type McpRegistration = record { expiration : Timestamp; }; +// Result of prepare_mcp_registration_delegation: the canister-signature public +// key the registration delegation is rooted at (P_reg), and the (short) +// expiration of that delegation. The frontend fetches the signed delegation via +// get_mcp_registration_delegation and delivers the chain to the trusted MCP +// server, which redeems it with mcp_register_v2. +type PrepareMcpRegistrationDelegation = record { + user_key : UserKey; + expiration : Timestamp; +}; + +// Result of mcp_register_v2: the expiration (ns since epoch) of the MCP session +// grant, plus the access level the user chose at connect (queries = read-only, +// all = full). The server reads permissions to learn the read-only state up +// front (the v2 flow has no completion POST carrying it). +type McpRegistrationV2 = record { + expiration : Timestamp; + permissions : Permissions; +}; + type GetAccountsError = variant { InternalCanisterError : text; Unauthorized : principal; @@ -1905,6 +1924,48 @@ service : (opt InternetIdentityInit) -> { expiration : Timestamp ) -> (variant { Ok : SignedDelegation; Err : SessionDelegationError }) query; + // Mint a short-lived MCP registration delegation (P_reg -> registration_key). + // Authenticated as the identity (only the consenting user can create one). + // registration_key is an ephemeral key the II frontend generates for this + // connect (browser-held — the canister never delegates to a key taken from + // the connect link; the frontend extends the chain to the server's key + // browser-side). P_reg is derived from a fresh random nonce, and the whole + // consent — the anchor, permissions (read-only choice), max_ttl (session- + // grant lifetime), and the identity's current trusted-server URL — is + // recorded on an index entry keyed by P_reg, so mcp_register_v2 recovers it + // server-side and the server cannot alter any of it. + prepare_mcp_registration_delegation : ( + anchor_number : UserNumber, + registration_key : SessionKey, + permissions : opt Permissions, + max_ttl : opt nat64 + ) -> (variant { Ok : PrepareMcpRegistrationDelegation; Err : text }); + + // Fetch the signed registration delegation prepared above, to deliver to the + // trusted MCP server. Authenticated as the identity, like the prepare call. + // user_key is the value the prepare call returned; the seed is recovered + // from it, so no consent parameters need re-passing. + get_mcp_registration_delegation : ( + anchor_number : UserNumber, + registration_key : SessionKey, + user_key : PublicKey, + expiration : Timestamp + ) -> (variant { Ok : SignedDelegation; Err : text }) query; + + // Called by the trusted MCP server, authenticated by the registration + // delegation chain: bind the server's long-lived session_key to the + // consenting anchor. The entire consent — anchor, read-only choice, grant + // lifetime — is recovered from the entry keyed by caller() (the registration + // principal), so the server passes only session_key: it cannot name a + // different anchor, upgrade the access level or stretch the grant, and never + // learns the anchor number. A trusted-server switch or disable since consent + // invalidates the delegation. Usable until the registration delegation + // expires (~5 min); re-registration within that window replaces the anchor's + // single MCP session. + mcp_register_v2 : ( + session_key : SessionKey + ) -> (variant { Ok : McpRegistrationV2; Err : text }); + get_default_account : ( anchor_number : UserNumber, origin : FrontendHostname,