1.6 KiB
| id | title | status | assignee | created_date | updated_date | labels | dependencies | parent_task_id | priority | |||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TASK-51.4 | Phase 4: Simplify EncryptID and WebAuthn for single domain | Done | 2026-02-25 07:47 | 2026-03-12 04:51 |
|
|
TASK-51 | medium |
Description
Prune WebAuthn Related Origins, JWT audience claims, and CORS allowedOrigins now that all modules are on rspace.online.
Files: server/index.ts (.well-known/webauthn), public/.well-known/webauthn, src/encryptid/session.ts (JWT aud), src/encryptid/server.ts (allowedOrigins + HTML templates).
Acceptance Criteria
- #1 Passkey login works on rspace.online
- #2 No CORS errors for auth flows
- #3 JWT aud is rspace.online only
- #4 .well-known/webauthn no longer lists standalone domains
Implementation Notes
2026-03-11: Pruned allowedOrigins from ~30 entries to 16 (removed all r*.online standalone app domains that now 301 to rspace.online). Kept: rspace.online subdomains, ridentity.online (EncryptID's own domain), rsocials.online ecosystem, canvas-website migration, localhost. Simplified JWT aud from full origins array to single 'rspace.online' string. Removed rwallet.online from SIWE allowedDomains. Updated webauthn related origins (removed rwallet, kept ridentity + rsocials ecosystem). Updated EncryptID HTML template links to use rspace.online paths instead of r*.online domains. ridentity.online kept as canonical EncryptID/OIDC domain per user decision.