The evolution of Internet Identity (II) is set to take a significant leap as it begins integrating OpenID providers, expanding its reach and flexibility beyond the Internet Computer Protocol (ICP) ecosystem. This initiative by DFINITY aims to make II a more versatile authentication solution for decentralised applications (dapps) by incorporating familiar Web2-like authentication methods.
Why OpenID?
The integration of OpenID providers into Internet Identity is driven by several compelling reasons. First, it allows II to reach a broader user base. While passkeys represent a promising future for secure authentication, they are not yet widely adopted or accessible to all users. By incorporating OpenID, II can cater to users who either can’t use passkeys, prefer not to, or are unfamiliar with them.
OpenID providers also come with built-in recovery mechanisms, enhancing the user experience in case of lost passkeys. For instance, if a user’s passkey is lost, they can still regain access to their Internet Identity through a linked OpenID provider like Google, ensuring they are not locked out of their accounts.
Additionally, OpenID integration facilitates access from any device, making it possible for users to log in to dapps with Internet Identity on shared or public devices where passkeys might not be an option. This is particularly useful in scenarios where users prefer or need to authenticate via a familiar provider such as Google.
Integration Flows
The plan for OpenID integration within Internet Identity includes several user flows. Users will be able to link an OpenID provider to their Internet Identity, sign in using a linked OpenID provider, and even register a new Internet Identity with an OpenID provider. These flows are designed to mirror those available for passkeys, making OpenID providers a fully integrated and first-class authentication option within II.
Security and Privacy
Security and privacy remain at the forefront of Internet Identity’s design principles. The integration with OpenID providers adheres to stringent security measures, ensuring that the authentication process remains secure and reliable. The integration is fully on-chain, with no additional Web2 components developed except for redirecting users to the OpenID provider and making HTTP outcalls to verify OpenID tokens.
The OpenID token is securely bound to a cryptographic key pair during transmission to the Internet Identity canister, preventing unauthorized interception and misuse. Furthermore, Internet Identity ensures that users’ sensitive data, including their identity numbers, remains private and confidential. Only essential OpenID profile information necessary for authentication is stored securely and is accessible solely by the user.
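The binding of a token to a key pair described above can be sketched as follows; this is an added example, not code from DFINITY or Internet Identity, and the page does not say how the binding is actually implemented. It assumes the binding travels in the OpenID `nonce` claim as a salted hash of the session public key, and it swaps the provider's asymmetric signature for an HMAC so that it runs on the standard library alone. All function names, the client ID and the key material are hypothetical.

```python
import base64, hashlib, hmac, json, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def binding_nonce(session_pubkey: bytes, salt: bytes) -> str:
    # Commitment to the session key; the random salt hides the key from the provider.
    return b64url(hashlib.sha256(salt + session_pubkey).digest())

def sign(provider_key: bytes, signing_input: str) -> bytes:
    # Stand-in signature (HMAC-SHA256) so the example runs with the standard
    # library only; a real provider signs with an asymmetric key published as a JWKS.
    return hmac.new(provider_key, signing_input.encode(), hashlib.sha256).digest()

def issue_token(claims: dict, provider_key: bytes) -> str:
    # Constructed stand-in for the OpenID provider's token endpoint.
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{b64url(sign(provider_key, header + '.' + body))}"

def verify_bound_token(token, provider_key, caller_pubkey, salt, audience):
    """Return the claims only if the token is authentic AND bound to the caller's key."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sign(provider_key, f"{header}.{body}"), b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(body))
    except ValueError:
        return None
    if not isinstance(claims, dict) or claims.get("aud") != audience:
        return None
    expected = binding_nonce(caller_pubkey, salt).encode()
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), expected):
        return None  # token was issued for a different session key
    return claims  # issuer and expiry checks are omitted here for brevity

def demo():
    # Constructed sample values: random bytes stand in for real public keys.
    provider_key, salt = secrets.token_bytes(32), secrets.token_bytes(16)
    user_key, other_key = secrets.token_bytes(32), secrets.token_bytes(32)
    claims = {"aud": "example-client-id", "sub": "constructed-user",
              "nonce": binding_nonce(user_key, salt)}
    token = issue_token(claims, provider_key)
    owner = verify_bound_token(token, provider_key, user_key, salt, "example-client-id")
    thief = verify_bound_token(token, provider_key, other_key, salt, "example-client-id")
    return owner is not None, thief is not None
```

`demo()` returns `(True, False)`: the same validly signed token is accepted from the holder of the key it was issued for and rejected when presented with any other key, which is what makes an intercepted token useless on its own.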
Google as the First OpenID Provider
The first OpenID provider to be supported by Internet Identity will be Google, which boasts an extensive user base with over 1.8 billion Gmail users globally as of 2024. This initial choice is strategic, given Google’s widespread adoption and familiarity among users, making it a logical first step in integrating OpenID providers into Internet Identity.
However, DFINITY remains open to incorporating more OpenID providers in the future, responding to community and user feedback. This flexibility ensures that Internet Identity can continue to evolve and meet the diverse needs of its growing user base.
The integration of OpenID providers into Internet Identity marks a significant advancement in making decentralised applications more accessible and user-friendly. By bridging the gap between Web2 and Web3 authentication methods, II not only broadens its reach but also enhances security, privacy, and usability for its users. As this integration unfolds, it sets a new standard for decentralised authentication, promising a more inclusive and robust future for dapps on the Internet Computer and beyond.