---
id: task-11
title: 'Sprint 1: EncryptID Foundation - WebAuthn + Domain Setup'
status: Done
assignee: []
created_date: '2026-02-05 15:38'
updated_date: '2026-02-05 16:54'
labels:
- encryptid
- sprint-1
- foundation
dependencies: []
priority: high
---
## Description
<!-- SECTION:DESCRIPTION:BEGIN -->
Set up the foundational infrastructure for EncryptID:
1. **Domain Setup**
   - Configure encryptid.online domain
   - Set up Cloudflare tunnel routing
   - Deploy basic landing page
2. **WebAuthn Implementation**
   - Registration flow with discoverable credentials
   - Authentication flow with PRF extension
   - Credential storage in D1/PostgreSQL
3. **Related Origins Configuration**
   - Create `.well-known/webauthn` file
   - Configure all r-ecosystem domains
   - Test cross-origin passkey usage
4. **Session Token Issuance**
   - JWT generation with EncryptID claims
   - Refresh token rotation
   - Session storage strategy
<!-- SECTION:DESCRIPTION:END -->
## Acceptance Criteria
<!-- AC:BEGIN -->
- [ ] #1 encryptid.online domain live and accessible
- [ ] #2 WebAuthn registration creates discoverable credential
- [ ] #3 WebAuthn authentication returns PRF output (where supported)
- [ ] #4 Related Origins allows auth from rspace.online
- [ ] #5 JWT tokens issued with proper EncryptID claims
- [ ] #6 Refresh token rotation working
<!-- AC:END -->
## Implementation Notes
<!-- SECTION:NOTES:BEGIN -->
Starting implementation with domain encryptid.jeffemmett.com

Sprint 1 deployment complete:
- EncryptID server deployed at https://encryptid.jeffemmett.com
- WebAuthn registration/authentication endpoints working
- .well-known/webauthn serving Related Origins config
- Demo page accessible at /demo.html
- Docker container running on Netcup with Traefik routing
- Cloudflare tunnel configured for HTTPS access
<!-- SECTION:NOTES:END -->
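
For the Related Origins task and acceptance criterion #4, a check of a `.well-known/webauthn` document against the matching a WebAuthn client performs, including the limit of five registrable labels that matters when listing "all r-ecosystem domains". This is an added example, not EncryptID's code; `originAllowed`, `registrableLabel` and every host in the sample except rspace.online are assumptions made for illustration.

```javascript
// Added example: simplified form of the client-side matching a browser
// applies to the JSON served at https://<rpId>/.well-known/webauthn.
const MAX_LABELS = 5; // minimum number of labels a client must support

// Assumption: single-label public suffixes (.online, .com, .example), so the
// registrable label is the second-to-last DNS label. Real clients use the
// Public Suffix List.
function registrableLabel(hostname) {
  const parts = hostname.split('.').filter(Boolean);
  return parts.length >= 2 ? parts[parts.length - 2] : null;
}

// Returns true when callerOrigin may use the RP ID that served `body`.
function originAllowed(body, callerOrigin) {
  let doc;
  try { doc = JSON.parse(body); } catch { return false; }
  if (!doc || !Array.isArray(doc.origins) ||
      !doc.origins.every((o) => typeof o === 'string')) return false;
  const caller = new URL(callerOrigin).origin;
  const seen = new Set();
  for (const item of doc.origins) {
    let url;
    try { url = new URL(item); } catch { continue; } // unparsable: skipped
    const label = registrableLabel(url.hostname);
    if (!label) continue;
    // Entries that would need a label beyond the budget are ignored.
    if (seen.size >= MAX_LABELS && !seen.has(label)) continue;
    if (url.origin === caller) return true; // scheme, host and port must match
    if (seen.size < MAX_LABELS) seen.add(label);
  }
  return false;
}

// Constructed sample: only rspace.online comes from the task; the other
// hosts are placeholders.
const SAMPLE = JSON.stringify({
  origins: [
    'https://rspace.online',
    'https://app.rspace.online', // same label "rspace": uses no extra budget
    'https://r-two.example',
    'https://r-three.example',
    'https://r-four.example',
    'https://r-five.example',
    'https://r-six.example',     // sixth distinct label: ignored by the client
  ],
});

console.log(originAllowed(SAMPLE, 'https://rspace.online'));
console.log(originAllowed(SAMPLE, 'https://r-six.example'));
```

Entries are processed in order, so origins that must work belong among the first five distinct labels of the file.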