rspace-online/backlog/tasks/task-51.4 - Phase-4-Simplif...

33 lines
905 B
Markdown

---
id: TASK-51.4
title: 'Phase 4: Simplify EncryptID and WebAuthn for single domain'
status: To Do
assignee: []
created_date: '2026-02-25 07:47'
labels:
- infrastructure
- domains
- migration
- auth
dependencies:
- TASK-51.3
parent_task_id: TASK-51
priority: medium
---
## Description
<!-- SECTION:DESCRIPTION:BEGIN -->
Prune WebAuthn Related Origins, JWT audience claims, and CORS allowedOrigins now that all modules are on rspace.online.
Files: server/index.ts (.well-known/webauthn), public/.well-known/webauthn, src/encryptid/session.ts (JWT aud), src/encryptid/server.ts (allowedOrigins + HTML templates).
<!-- SECTION:DESCRIPTION:END -->
## Acceptance Criteria
<!-- AC:BEGIN -->
- [ ] #1 Passkey login works on rspace.online
- [ ] #2 No CORS errors for auth flows
- [ ] #3 JWT aud is rspace.online only
- [ ] #4 .well-known/webauthn no longer lists standalone domains
<!-- AC:END -->