rspace-online/backlog/tasks/task-11 - Sprint-1-EncryptID-Foundation-WebAuthn-+-Domain-Setup.md

---
id: task-11
title: 'Sprint 1: EncryptID Foundation - WebAuthn + Domain Setup'
status: Done
assignee: []
created_date: '2026-02-05 15:38'
updated_date: '2026-02-05 16:54'
labels:
  - encryptid
  - sprint-1
  - foundation
dependencies: []
priority: high
---

## Description

<!-- SECTION:DESCRIPTION:BEGIN -->
Set up the foundational infrastructure for EncryptID:

1. **Domain Setup**
   - Configure encryptid.online domain
   - Set up Cloudflare tunnel routing
   - Deploy basic landing page

2. **WebAuthn Implementation**
   - Registration flow with discoverable credentials
   - Authentication flow with PRF extension
   - Credential storage in D1/PostgreSQL

3. **Related Origins Configuration**
   - Create `.well-known/webauthn` file
   - Configure all r-ecosystem domains
   - Test cross-origin passkey usage

4. **Session Token Issuance**
   - JWT generation with EncryptID claims
   - Refresh token rotation
   - Session storage strategy
<!-- SECTION:DESCRIPTION:END -->

## Acceptance Criteria
<!-- AC:BEGIN -->
- [ ] #1 encryptid.online domain live and accessible
- [ ] #2 WebAuthn registration creates discoverable credential
- [ ] #3 WebAuthn authentication returns PRF output (where supported)
- [ ] #4 Related Origins allows auth from rspace.online
- [ ] #5 JWT tokens issued with proper EncryptID claims
- [ ] #6 Refresh token rotation working
<!-- AC:END -->

## Implementation Notes

<!-- SECTION:NOTES:BEGIN -->
Starting implementation with domain encryptid.jeffemmett.com

Sprint 1 deployment complete:
- EncryptID server deployed at https://encryptid.jeffemmett.com
- WebAuthn registration/authentication endpoints working
- .well-known/webauthn serving Related Origins config
- Demo page accessible at /demo.html
- Docker container running on Netcup with Traefik routing
- Cloudflare tunnel configured for HTTPS access
<!-- SECTION:NOTES:END -->