feat: add requestAttributes for signed user attributes by sea-snake · Pull Request #85 · dfinity/icp-js-auth

sea-snake · 2026-04-08T12:06:40Z

Adds a requestAttributes method to AuthClient that requests signed user attributes from the identity provider via the signer's JSON-RPC interface. Attributes can be requested in parallel with sign-in.

The method requires a canister-issued nonce to prevent replay attacks and bind attributes to a specific backend action. The signed attribute bundle also includes implicit:origin and implicit:issued_at_timestamp_ns for the backend canister to verify.

const authClient = new AuthClient();

const nonce: Uint8Array = await backend.registerBegin();
const signInPromise = authClient.signIn();
const attributesPromise = authClient.requestAttributes({ keys: ['email'], nonce });

await signInPromise;
const { data, signature } = await attributesPromise;

The method sends an ii-icrc3-attributes JSON-RPC request with the requested attribute keys and the provided nonce, and returns the base64-decoded data and signature as Uint8Array. Throws on error responses or invalid results.

Breaking changes

AuthClient.login() is renamed to AuthClient.signIn().
AuthClientLoginOptions is renamed to AuthClientSignInOptions.

Prev: #84

Copilot

Pull request overview

This pull request adds a requestAttributes method to AuthClient that enables requesting signed user attributes from the identity provider via a JSON-RPC interface. The method can be called during login or separately, allowing attributes like email and name to be requested and verified with cryptographic signatures.

Changes:

Added requestAttributes method to AuthClient class for requesting signed user attributes with optional custom nonce
Added SignedAttributes interface to represent the signed attribute response (data and signature as Uint8Array)
Exported OPENID_PROVIDER_URLS constant to support documentation examples
Implemented base64 encoding/decoding helper functions with fallback support for native Uint8Array methods
Added comprehensive tests covering normal flow, custom nonce, random nonce generation, error handling, and validation
Updated README and quick-start documentation with usage examples

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
src/client/auth-client.ts	Added `requestAttributes` method, `SignedAttributes` interface, and base64 helper functions; exported `OPENID_PROVIDER_URLS`
tests/client/auth-client.test.ts	Added mocking for `sendRequest` method and comprehensive tests for `requestAttributes` functionality
README.md	Added documentation section with usage examples for requesting user attributes
docs/src/content/docs/quick-start.md	Updated quick-start guide to show parallel login and attribute request pattern

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Reorganizes `auth-client.ts` for clarity: - Class moved before free functions (public API is the first thing you see) - Within the class: constructor → public methods → private methods - Free functions ordered: key helpers → chain helpers → storage helpers → migration - Removed unused `#key` field - Renamed `#createOptions` to `#options` - Simplified `#hydrate()` — delegates key restoration and migration to `restoreKey()` which calls `migrateFromLocalStorage()` as a fallback - Cleaned up JSDoc throughout - Removed `localStorage` try/catch wrappers (assumed always available) - Disabled `pnpm audit` CI workflow due to [pnpm/pnpm#11265](pnpm/pnpm#11265) --- Prev: #83 | Next: #85 --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- Simplify internetIdentityCanisterId in quick-start (remove unnecessary branching) - Rename "user attributes" to "identity attributes" in README and JSDoc Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

The nonce parameter is now mandatory to enforce that it originates from the RP canister, preventing replay attacks from compromised frontends. README examples updated to use the nonce-based flow as the default pattern, with documentation of all implicit verification fields. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

sea-snake requested a review from a team as a code owner April 8, 2026 12:06

sea-snake force-pushed the sea-snake/request-attributes branch 3 times, most recently from 899b643 to 15bf417 Compare April 8, 2026 12:14

sea-snake mentioned this pull request Apr 8, 2026

refactor: reorganize auth-client code structure #84

Merged

sea-snake force-pushed the sea-snake/request-attributes branch 10 times, most recently from 3247078 to 9fcfdf9 Compare April 8, 2026 12:39

sea-snake requested review from aterga and Copilot April 8, 2026 12:40

Copilot started reviewing on behalf of sea-snake April 8, 2026 12:40 View session

sea-snake force-pushed the sea-snake/request-attributes branch from 9fcfdf9 to e1ebd89 Compare April 8, 2026 12:41

Copilot AI reviewed Apr 8, 2026

View reviewed changes

Comment thread src/client/auth-client.ts

Comment thread src/client/auth-client.ts Outdated

sea-snake force-pushed the sea-snake/request-attributes branch 10 times, most recently from f76aa6f to f6ea3fe Compare April 8, 2026 14:21

sea-snake force-pushed the sea-snake/cleanup branch from cbb903d to dbad5ab Compare April 15, 2026 15:28

sea-snake force-pushed the sea-snake/request-attributes branch from c0bf998 to d92b50e Compare April 15, 2026 15:33

sea-snake force-pushed the sea-snake/cleanup branch from dbad5ab to aa0e82b Compare April 15, 2026 15:33