We have just released StoicIdentity — an InternetComputer compatiable Identity library that can be used with the HttpAgent. Applications can now request authorization to access a user’s StoicWallet. If approved, the application can make canister calls using the user’s Principal (public key).
StoicIdentity works in a similar way to the Internet Identity, except you are using your identity from your StoicWallet (which could be an II, private key, oAutho account like Google and more).
What about security? No private keys are ever exposed, and the “bridge” that is create only exists locally — when you grant an application access, it can only do so on the same device. You can also revoke access via the Applications tab in your StoicWallet.
StoicIdentity is a simple JS library that developers can simply include into their applications. We decided not to use a browser extension as we want StoicWallet to eventually be an immutable smart canister with an IC domain and no centralized components, making it completely unstoppable and free from malicious attacks.
In future, we want to add canister scoping to our authorization process, so applications will need to declare which canisters they want to access using your account. We will also implement a secondary authorization point for any calls to sensitive canisters (e.g. NNS or Ledger).
Get started with StoicIdentity by heading over to our GitHub page: https://github.com/Toniq-Labs/stoic-identity