rspace-online/backlog/tasks/task-11 - Sprint-1-EncryptID-Foundation-WebAuthn-+-Domain-Setup.md

id	title	status	assignee	created_date	updated_date	labels	dependencies	priority
task-11	Sprint 1: EncryptID Foundation - WebAuthn + Domain Setup	Done		2026-02-05 15:38	2026-02-05 16:54	encryptid sprint-1 foundation		high

Description

Set up the foundational infrastructure for EncryptID:

1. Domain Setup

   • Configure encryptid.online domain
   • Set up Cloudflare tunnel routing
   • Deploy basic landing page

2. WebAuthn Implementation

   • Registration flow with discoverable credentials
   • Authentication flow with PRF extension
   • Credential storage in D1/PostgreSQL

3. Related Origins Configuration

   • Create .well-known/webauthn file
   • Configure all r-ecosystem domains
   • Test cross-origin passkey usage

4. Session Token Issuance

   • JWT generation with EncryptID claims
   • Refresh token rotation
   • Session storage strategy

Acceptance Criteria

• #1 encryptid.online domain live and accessible
• #2 WebAuthn registration creates discoverable credential
• #3 WebAuthn authentication returns PRF output (where supported)
• #4 Related Origins allows auth from rspace.online
• #5 JWT tokens issued with proper EncryptID claims
• #6 Refresh token rotation working

Implementation Notes

Starting implementation with domain encryptid.jeffemmett.com

Sprint 1 deployment complete:

• EncryptID server deployed at https://encryptid.jeffemmett.com
• WebAuthn registration/authentication endpoints working
• .well-known/webauthn serving Related Origins config
• Demo page accessible at /demo.html
• Docker container running on Netcup with Traefik routing
• Cloudflare tunnel configured for HTTPS access