40 lines
1.6 KiB
Markdown
40 lines
1.6 KiB
Markdown
---
|
|
id: TASK-51.4
|
|
title: 'Phase 4: Simplify EncryptID and WebAuthn for single domain'
|
|
status: Done
|
|
assignee: []
|
|
created_date: '2026-02-25 07:47'
|
|
updated_date: '2026-03-12 04:51'
|
|
labels:
|
|
- infrastructure
|
|
- domains
|
|
- migration
|
|
- auth
|
|
dependencies:
|
|
- TASK-51.3
|
|
parent_task_id: TASK-51
|
|
priority: medium
|
|
---
|
|
|
|
## Description
|
|
|
|
<!-- SECTION:DESCRIPTION:BEGIN -->
|
|
Prune WebAuthn Related Origins, JWT audience claims, and CORS allowedOrigins now that all modules are on rspace.online.
|
|
|
|
Files: server/index.ts (.well-known/webauthn), public/.well-known/webauthn, src/encryptid/session.ts (JWT aud), src/encryptid/server.ts (allowedOrigins + HTML templates).
|
|
<!-- SECTION:DESCRIPTION:END -->
|
|
|
|
## Acceptance Criteria
|
|
<!-- AC:BEGIN -->
|
|
- [ ] #1 Passkey login works on rspace.online
|
|
- [ ] #2 No CORS errors for auth flows
|
|
- [ ] #3 JWT aud is rspace.online only
|
|
- [ ] #4 .well-known/webauthn no longer lists standalone domains
|
|
<!-- AC:END -->
|
|
|
|
## Implementation Notes
|
|
|
|
<!-- SECTION:NOTES:BEGIN -->
|
|
**2026-03-11:** Pruned allowedOrigins from ~30 entries to 16 (removed all r*.online standalone app domains that now 301 to rspace.online). Kept: rspace.online subdomains, ridentity.online (EncryptID's own domain), rsocials.online ecosystem, canvas-website migration, localhost. Simplified JWT aud from full origins array to single 'rspace.online' string. Removed rwallet.online from SIWE allowedDomains. Updated webauthn related origins (removed rwallet, kept ridentity + rsocials ecosystem). Updated EncryptID HTML template links to use rspace.online paths instead of r*.online domains. ridentity.online kept as canonical EncryptID/OIDC domain per user decision.
|
|
<!-- SECTION:NOTES:END -->
|