Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .sources/VERSIONS
Original file line number Diff line number Diff line change
Expand Up @@ -62,4 +62,4 @@ motoko-core v2.4.0
cdk-rs ic-cdk v0.20.1 / ic-cdk-timers v1.0.0 / ic-cdk-executor v2.0.0 317f55c
candid 2025-12-18 # candid v0.10.20, didc v0.5.4 2e4a2cf
response-verification v3.1.0 18c5a37
internetidentity release-2026-07-06 37670ecf
internetidentity release-2026-07-14 a00b4a11
2 changes: 1 addition & 1 deletion .sources/internetidentity
Submodule internetidentity updated 69 files
+252 −160 docs/mcp-server-guide.md
+89 −39 package-lock.json
+2 −1 package.json
+3 −12 src/canister_tests/src/api/internet_identity.rs
+61 −0 src/canister_tests/src/api/internet_identity/api_v2.rs
+15 −1 src/frontend/src/hooks.client.ts
+53 −0 src/frontend/src/lib/components/ui/AccessLevelSelector.svelte
+0 −72 src/frontend/src/lib/components/ui/AccessLevelToggle.svelte
+1 −0 src/frontend/src/lib/constants/store.constants.ts
+189 −1 src/frontend/src/lib/flows/authFlow.svelte.test.ts
+86 −43 src/frontend/src/lib/flows/authFlow.svelte.ts
+28 −0 src/frontend/src/lib/generated/internet_identity_idl.js
+23 −0 src/frontend/src/lib/generated/internet_identity_types.d.ts
+1 −1 src/frontend/src/lib/globals.ts
+1 −1 src/frontend/src/lib/legacy/flows/dappsExplorer/dapps.json
+1 −0 src/frontend/src/lib/legacy/flows/verifiableCredentials/index.ts
+13 −7 src/frontend/src/lib/state/featureFlags.ts
+58 −0 src/frontend/src/lib/stores/access-level.store.test.ts
+58 −0 src/frontend/src/lib/stores/access-level.store.ts
+1 −1 src/frontend/src/lib/stores/authentication.store.ts
+9 −6 src/frontend/src/lib/stores/channelHandlers/delegation.ts
+1 −0 src/frontend/src/lib/stores/session-delegation.store.test.ts
+1 −1 src/frontend/src/lib/stores/session-delegation.store.ts
+1 −1 src/frontend/src/lib/stores/session.store.ts
+1 −45 src/frontend/src/lib/utils/accessLevel.test.ts
+0 −24 src/frontend/src/lib/utils/accessLevel.ts
+98 −0 src/frontend/src/lib/utils/analytics/analytics.test.ts
+77 −19 src/frontend/src/lib/utils/analytics/analytics.ts
+178 −0 src/frontend/src/lib/utils/authCallbacks.test.ts
+165 −0 src/frontend/src/lib/utils/authCallbacks.ts
+1 −0 src/frontend/src/lib/utils/authentication/sessionDelegation.test.ts
+3 −1 src/frontend/src/lib/utils/discoverablePasskeyIdentity.ts
+121 −0 src/frontend/src/lib/utils/transport/legacy.test.ts
+9 −3 src/frontend/src/lib/utils/transport/legacy.ts
+86 −0 src/frontend/src/lib/utils/transport/utils.test.ts
+11 −1 src/frontend/src/lib/utils/transport/utils.ts
+40 −0 src/frontend/src/lib/utils/utils.test.ts
+23 −0 src/frontend/src/lib/utils/utils.ts
+8 −1 src/frontend/src/routes/(new-styling)/authorize/+page.svelte
+72 −31 src/frontend/src/routes/(new-styling)/authorize/views/ContinueView.svelte
+2 −1 src/frontend/src/routes/(new-styling)/cli/utils.ts
+40 −17 src/frontend/src/routes/(new-styling)/cli/views/CliAuthorizeView.svelte
+50 −30 src/frontend/src/routes/(new-styling)/mcp/+page.svelte
+77 −69 src/frontend/src/routes/(new-styling)/mcp/+page.ts
+38 −7 src/frontend/src/routes/(new-styling)/mcp/load.test.ts
+183 −286 src/frontend/src/routes/(new-styling)/mcp/utils.test.ts
+123 −158 src/frontend/src/routes/(new-styling)/mcp/utils.ts
+87 −37 src/frontend/src/routes/(new-styling)/mcp/views/McpAuthorizeView.svelte
+13 −14 src/frontend/src/routes/(new-styling)/mcp/views/McpCloseWindowView.svelte
+4 −4 src/frontend/src/routes/(new-styling)/mcp/views/McpConnectingView.svelte
+1 −5 src/frontend/src/routes/+layout.svelte
+253 −98 src/frontend/tests/e2e-playwright/fixtures/mcp.ts
+2 −2 src/frontend/tests/e2e-playwright/routes/authorize/index.spec.ts
+130 −0 src/frontend/tests/e2e-playwright/routes/authorize/openid.spec.ts
+39 −0 src/frontend/tests/e2e-playwright/routes/authorize/sso.spec.ts
+4 −4 src/frontend/tests/e2e-playwright/routes/cli.spec.ts
+20 −2 src/frontend/tests/e2e-playwright/routes/manage/index.spec.ts
+158 −117 src/frontend/tests/e2e-playwright/routes/mcp.spec.ts
+1 −1 src/frontend/tests/e2e-playwright/utils/dnssecTestSigner.ts
+1 −1 src/frontend/tests/e2e-playwright/utils/renderDnssecTestAnchor.mjs
+61 −0 src/internet_identity/internet_identity.did
+54 −2 src/internet_identity/src/main.rs
+5 −2 src/internet_identity/src/mcp.rs
+337 −0 src/internet_identity/src/mcp_registration.rs
+53 −0 src/internet_identity/src/storage.rs
+1 −0 src/internet_identity/src/storage/storable.rs
+95 −0 src/internet_identity/src/storage/storable/mcp_registration.rs
+506 −6 src/internet_identity/tests/integration/mcp.rs
+24 −0 src/internet_identity_interface/src/internet_identity/types.rs
61 changes: 61 additions & 0 deletions public/references/internet-identity.did
Original file line number Diff line number Diff line change
Expand Up @@ -1131,6 +1131,25 @@ type McpRegistration = record {
expiration : Timestamp;
};

// Result of prepare_mcp_registration_delegation: the canister-signature public
// key the registration delegation is rooted at (P_reg), and the (short)
// expiration of that delegation. The frontend fetches the signed delegation via
// get_mcp_registration_delegation and delivers the chain to the trusted MCP
// server, which redeems it with mcp_register_v2.
type PrepareMcpRegistrationDelegation = record {
user_key : UserKey;
expiration : Timestamp;
};

// Result of mcp_register_v2: the expiration (ns since epoch) of the MCP session
// grant, plus the access level the user chose at connect (queries = read-only,
// all = full). The server reads permissions to learn the read-only state up
// front (the v2 flow has no completion POST carrying it).
type McpRegistrationV2 = record {
expiration : Timestamp;
permissions : Permissions;
};

type GetAccountsError = variant {
InternalCanisterError : text;
Unauthorized : principal;
Expand Down Expand Up @@ -1905,6 +1924,48 @@ service : (opt InternetIdentityInit) -> {
expiration : Timestamp
) -> (variant { Ok : SignedDelegation; Err : SessionDelegationError }) query;

// Mint a short-lived MCP registration delegation (P_reg -> registration_key).
// Authenticated as the identity (only the consenting user can create one).
// registration_key is an ephemeral key the II frontend generates for this
// connect (browser-held — the canister never delegates to a key taken from
// the connect link; the frontend extends the chain to the server's key
// browser-side). P_reg is derived from a fresh random nonce, and the whole
// consent — the anchor, permissions (read-only choice), max_ttl (session-
// grant lifetime), and the identity's current trusted-server URL — is
// recorded on an index entry keyed by P_reg, so mcp_register_v2 recovers it
// server-side and the server cannot alter any of it.
prepare_mcp_registration_delegation : (
anchor_number : UserNumber,
registration_key : SessionKey,
permissions : opt Permissions,
max_ttl : opt nat64
) -> (variant { Ok : PrepareMcpRegistrationDelegation; Err : text });

// Fetch the signed registration delegation prepared above, to deliver to the
// trusted MCP server. Authenticated as the identity, like the prepare call.
// user_key is the value the prepare call returned; the seed is recovered
// from it, so no consent parameters need re-passing.
get_mcp_registration_delegation : (
anchor_number : UserNumber,
registration_key : SessionKey,
user_key : PublicKey,
expiration : Timestamp
) -> (variant { Ok : SignedDelegation; Err : text }) query;

// Called by the trusted MCP server, authenticated by the registration
// delegation chain: bind the server's long-lived session_key to the
// consenting anchor. The entire consent — anchor, read-only choice, grant
// lifetime — is recovered from the entry keyed by caller() (the registration
// principal), so the server passes only session_key: it cannot name a
// different anchor, upgrade the access level or stretch the grant, and never
// learns the anchor number. A trusted-server switch or disable since consent
// invalidates the delegation. Usable until the registration delegation
// expires (~5 min); re-registration within that window replaces the anchor's
// single MCP session.
mcp_register_v2 : (
session_key : SessionKey
) -> (variant { Ok : McpRegistrationV2; Err : text });

get_default_account : (
anchor_number : UserNumber,
origin : FrontendHostname,
Expand Down
Loading