Request: expose callerInfoData / callerInfoSigner via mo:core

[marc0olo]

Summary

The Motoko compiler exposes two new system capabilities for reading IC caller-info attribute bundles (added alongside the msg_caller_info_* system APIs in ic-cdk >= 0.20.1):

• Prim.callerInfoData<system>() : Blob — returns the Candid-encoded ICRC-3 Value::Map attribute bundle attached to the current call
• Prim.callerInfoSigner<system>() : Blob — returns the principal (as a raw blob) of the canister that signed the bundle, or an empty blob if none

Both are currently only accessible via mo:prim. Since mo:prim is an internal surface that should be avoided in application code, these capabilities need a stable mo:core home.

Why this matters

Any canister that wants to verify signed identity attributes from Internet Identity (e.g. email, verified_email) must currently import mo:prim solely for these two functions. There is no mo:core alternative. This surfaced during a skill review for the IC Skills project: dfinity/icskills#182 — the Motoko backend example is forced to import Prim even though the project guideline is to minimise mo:prim usage.

Proposed API

A new module (e.g. mo:core/CallerInfo or mo:core/ExperimentalCallerInfo) exposing:

module {
  /// Returns the Candid-encoded ICRC-3 Value::Map attribute bundle
  /// attached to the current call, or an empty blob if none was provided.
  public func data() : Blob;

  /// Returns the principal of the canister that signed the attribute bundle,
  /// or null if no bundle was attached.
  public func signer() : ?Principal;
}

signer() returning ?Principal directly (rather than a raw blob that callers must convert) would also remove a footgun: the current Prim.callerInfoSigner returns an empty blob for "no signer", which is easy to mishandle.

References

• feat(internet-identity): update for @icp-sdk/auth v7 API and identity attributes dfinity/icskills#182 — internet-identity skill update where this was discovered
• ic-cdk msg_caller_info_data / msg_caller_info_signer (Rust equivalents, ic-cdk >= 0.20.1)

[marc0olo]

This is already addressed in v2.5.0 via #491 — closing.

The CallerAttributes module ships getAttributes<system>() : ?Blob which combines the signer check and the data read into one call. The trust list is configured via the trusted_attribute_signers canister environment variable rather than being hardcoded in application code, which is a better design than what we proposed here (a separate signer() : ?Principal accessor).

This came up while reviewing dfinity/icskills#182, which documents the Motoko backend pattern for reading identity attributes. That skill will be updated to use mo:core/CallerAttributes instead of the manual Prim.callerInfoSigner / Prim.callerInfoData calls.

[ggreif]

Alright, we are considering to give this a proper language-level treatment. Like the {caller} syntax on public func.
Maybe something like {caller, attributes : { email : Text; age : Nat }}. But we'll need some breathing space before we can come up with a pretty and functional design, that doesn't pessimise other use-cases! The low-level approach may stay indefinitely, for uses that want utmost control. @marc0olo