π https://identity.internetcomputer.org β’ π Specification
β
π Forum β’ π Report an Issue β’ π Discord
Internet Identity is an authentication and identity service for the Internet Computer. It enables hundreds of thousands of users to securely log in to dapps such as OISY, Caffeine, NNS Dapp, OpenChat, and many more.
Internet Identity is:
- Simple: Uses passkeys (TouchID, FaceID, Windows Hello, security keys) for passwordless registration and authentication. Users can also sign in with their Google, Apple, or Microsoft account via OpenID Connect.
- Flexible: Integrating Internet Identity is as simple as using the agent-js library or the ICRC authentication standards. No need to interact with the canister smart contract directly.
- Secure: A unique identity (principal) is derived for each app a user authenticates to, preventing cross-app tracking. Cryptographic material never leaves the user's device.
For more information, see the Internet Identity documentation on internetcomputer.org.
- Getting Started
- Key Features
- Technology Stack
- Stable Memory Compatibility
- Contributing
- Getting Help
- Links
This section gives an overview of Internet Identity's architecture, instructions on how to build the Wasm module (canister), and finally pointers for integrating Internet Identity in your own applications.
Use the Internet Identity canister in your local dfx project by adding the following code snippet to your dfx.json file:
{
"canisters": {
"internet_identity": {
"type": "custom",
"candid": "https://github.com/dfinity/internet-identity/releases/download/release-2025-04-04-v3/internet_identity.did",
"wasm": "https://github.com/dfinity/internet-identity/releases/download/release-2025-04-04-v3/internet_identity_production.wasm.gz",
"init_arg": "(opt record { captcha_config = opt record { max_unsolved_captchas= 50:nat64; captcha_trigger = variant {Static = variant {CaptchaDisabled}}}})",
"remote": {
"id": {
"ic": "rdmx6-jaaaa-aaaaa-aaadq-cai"
}
},
"frontend": {}
}
}
}To deploy, run dfx deploy.
To access Internet Identity or configure it for your dapp, use one of the following URLs:
- Chrome, Firefox:
http://<canister_id>.localhost:4943 - Safari:
http://localhost:4943?canisterId=<canister_id>
If you are running into build issues on Apple Silicon (specifically, if rollup is trying to access @rollup/rollup-darwin-x64), try using nvm to install node.
Internet Identity is an authentication service for the Internet Computer. All programs on the Internet Computer are Wasm modules, or canisters (canister smart contracts).
Internet Identity consists of two canisters: a backend canister that manages user data and authentication logic, and a stateless frontend canister that serves the web application assets.
π‘ The backend interface is specified by the internet_identity.did candid interface. The backend canister code is located in
src/internet_identity, and the frontend application code is located insrc/frontend.
The Internet Identity authentication service works indirectly by issuing "delegations" on the user's behalf; basically attestations signed with some private cryptographic material owned by the user. The private cryptographic material never leaves the user's device. The Internet Identity frontend application uses the WebAuthn API to first create the private cryptographic material, and then the WebAuthn API is used again to sign delegations.
Note: The architecture diagram above shows the core delegation flow. See the specification for the full architecture.
For more details, please refer to the Internet Identity Specification.
To get the canister (Wasm module) for Internet Identity, you can either download a release from the releases page, or build the code yourself. The simplest way to build the code yourself is to use Docker and the docker-build script:
$ ./scripts/docker-buildThe Dockerfile specifies build instructions for Internet Identity. Building the Dockerfile will result in a scratch container that contains the Wasm module at /internet_identity.wasm.gz.
We recommend using the docker-build script. It extracts the Wasm module from the final scratch container.
π‘ You can find instructions for building the code without Docker in the HACKING document.
The using-dev-build demo shows a minimal example project that integrates Internet Identity using agent-js. For the full integration protocol, refer to the Client Authentication Protocol section of the Internet Identity Specification.
- Passkey Authentication: Passwordless login using WebAuthn-compatible authenticators (TouchID, FaceID, Windows Hello, security keys).
- OpenID Connect: Users can register and authenticate using their Google, Apple, or Microsoft account as an alternative to passkeys.
- Multiple Accounts: Users can create and manage multiple identities (accounts) per application.
- Discoverable Passkeys: Support for resident/discoverable credentials that enable sign-in without entering an identity number.
- Backend: Rust canister running on the Internet Computer
- Frontend: SvelteKit + TypeScript, built with Vite
- Authentication: WebAuthn / passkeys, OpenID Connect (Google, Apple, Microsoft)
- Specification: Internet Identity Spec
Internet Identity requires data in stable memory to have a specific layout in order to be upgradeable. The layout has been changed multiple times in the past. This is why II stable memory is versioned and each version of II is only compatible to some stable memory versions.
If on upgrade II traps with the message stable memory layout version ... is no longer supported then the stable memory layout has changed and is no longer compatible.
The easiest way to address this is to reinstall the canister (thus wiping stable memory). A canister can be reinstalled by executing dfx deploy <canister> --mode reinstall.
We welcome contributions! Please see CONTRIBUTING.md for guidelines on how to get started. For development setup and build instructions, refer to HACKING.md.
We're here to help! Here are some ways you can reach out for help if you get stuck:
- Internet Identity Bug Tracker: Create a new ticket if you encounter a bug using Internet Identity, or if an issue arises when you try to build the code.
- DFINITY Forum: The forum is a great place to look for information and to ask for help.
- Support: Create a support request if you'd like to keep things private.
- Internet Identity Specification, the official Internet Identity Specification
- Internet Identity Documentation on internetcomputer.org