Rewrote auth flow to go through EncryptID server instead of
client-side unsigned JWTs. Fixes "Invalid or expired authentication
token" on space creation, and shows username in header.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The RP ID jeffemmett.com caused "relying party ID is not a registrable
domain suffix" errors on *.rspace.online subdomains. Related Origins
also exceeded the 5 eTLD+1 browser limit with 18+ domains listed.
Now rspace.online is the RP ID, so all *.rspace.online subdomains
(including cca.rspace.online) are valid automatically. The Related
Origins file only lists non-rspace.online r* ecosystem domains.
Also points rspace-header auth URL to auth.rspace.online.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When a user authenticates through the community creation form (via
requireAuth), the header bar now re-renders to show the logged-in
state instead of still displaying the Sign In button.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds a persistent header bar with sign-in/sign-up across landing and canvas
pages. The "Create Community Space" form now requires EncryptID authentication,
showing a passkey auth modal if the user isn't signed in. Auth tokens are sent
with the community creation API call. EncryptID WebAuthn modules are lazy-loaded
only when auth is triggered.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett
Jeff Emmett