Beyond Pseudonymity: Internet Identity Launches Certified Identity Attributes for 1-Click Web3 Onboarding

For years, Web3 dApps have struggled with a major user experience hurdle: onboarding friction. While the Internet Computer’s Internet Identity (II) offered secure, passwordless authentication, its pseudonymity-by-design meant developers had to build custom, redundant flows just to verify basic user details—like emails for notifications or names for personalization.

That friction ends today. DFINITY has officially launched Identity Attributes, a major upgrade that transforms II (id.ai) into a central control panel for certified attribute sharing. Now, users can securely share verified attributes, such as emails and usernames, directly with the dApps they use, with no extra verification steps required.

Inside the Two Authentication Flows

To balance absolute user control with smooth Web2-style convenience, the upgrade introduces two distinct attribute-sharing flows:

1. The Regular Flow: When a user logs in, II prompts them with an explicit list of the attributes requested by the dApp. Users can choose to share previously used values, modify them (which II then verifies), or deny sharing altogether.
2. The 1-Click Flow: A game-changer for mainstream adoption. When a user selects "Sign in with Google (powered by id.ai)", they complete their login via Google. Because their intent to link accounts is clear, II automatically forwards basic certified attributes (like name and email) without an extra confirmation screen.

Developer-Friendly Implementation

For developers, integrating Identity Attributes is highly intuitive, using an API that closely mirrors the familiar authClient.

To request attributes, developers pass them in the initial authentication call. Crucially, the actual validation must occur on the backend to prevent frontend tampering. The following pseudocode illustrates how simple the integration is:

let { delegationChain, certifiedAttributes } = await authenticate({
    direct_openid_auth: "https://accounts.google.com",
    attributes: [
        "openid:https://accounts.google.com:email",
        "openid:https://accounts.google.com:name"
    ],
});

// Conducted safely on the backend
let { principal, attributes } = verify(delegationChain, certifiedAttributes, issuer);
let email = attributes.get("email");
let name = attributes.get("name");

By verifying these attributes against the delegation chain and user principal, dApps get cryptographic proof that the data actually belongs to the user and is certified by II.

Real-World Impact

Early adopters in the ICP community are already mapping out game-changing use cases:

• Rabbithole.app (a sovereign encrypted vault) can now easily resolve shared folder access via verified emails without forcing every app to build its own redundant email verification flow.
• PropXchain (a regulated conveyancing platform) can streamline onboarding by bridging the gap between pseudonymity and certified AML/KYC checks.

While II does not currently offer real-time attribute freshness (meaning usernames are self-reported), it guarantees that verified emails were linked to the user’s OpenID account in the near past. Future iterations may expand to include phone number verification and support for third-party plugins (like decide.ai for unique personhood proof), cementing II as the ultimate decentralized identity hub.