docs(be,fe): design doc and implementation checklist for verified emails as a first-class II primitive#4027
Draft
MRmarioruci wants to merge 3 commits into
Draft
docs(be,fe): design doc and implementation checklist for verified emails as a first-class II primitive#4027MRmarioruci wants to merge 3 commits into
MRmarioruci wants to merge 3 commits into
Conversation
…ils as a first-class II primitive
…ied emails as parallel concepts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Internet Identity has a single recovery-email slot per anchor, verified through an inbound DKIM/DMARC/DNSSEC ownership-proof flow. Dapps can request
email/name/verified_emailattributes but only from linked OpenID/SSO sources — the recovery email is invisible to that surface. Users can't add multiple verified emails for any other purpose, and there's no way to share an email with a dapp that doesn't go through a third-party identity provider.This PR adds two design artifacts to start the conversation; no code changes.
Changes
Two new files under
docs/design/:verified-email-attributes.md— design doc. Proposes adding verified emails as a new, independent first-class anchor primitive that lives alongside the existing recovery-email slot. The recovery flow stays untouched; verified emails are a parallel new feature that shares the verification primitive (inbound DKIM challenge) but uses separate storage, separate candid methods, a separate wizard component, a separateII-Verify-subject prefix, and a separatePendingKind::VerifyEmailvariant. Four phases, each shipping as a single release:StorableVerifiedEmailtype, newverified_emailsfield added additively (no migration), newverified_email_*candid surface, new wizard + narrow settings panel +/authorizeempty-state inline flow.verified_emailsentries, with a separate "Unverified emails" section and a Verify-from-unverified flow that promotes IdP-issued emails through the DKIM challenge.verified:<H(address)>:emailscope. Recovery email is intentionally not exposed.verified-email-implementation.md— operational checklist. File-path-level steps for implementers, with locked decisions stated up front (cap=5, additive storage, parallel concepts, no migration, dual-prefix parser,verifiedEmail/wizard directory, "Reach" page name with per-IdP source icons) and a suggested PR breakdown for the eventual feature work.Includes a "Copy and tone" subsection that commits to framing the share as a net benefit rather than as friction, with principles for the new surfaces (empty-state prompt, settings panel, wizard success) and explicit non-changes for the existing consent dialog.
Both files cross-link to each other. The design doc explains why; the checklist is what to do.