We currently have a "hosting" server which allows users to register subdomains, associated with emails. Each domain is associated with an account.
There is also a "notify" server which allows users to register for email notifications for a given account. But the notify server does not know which account is registered for notifs.
These are independent services, not part of the central hyper.media service.
Solution
We will unify the hosting service and notify service into the main hyper.media service. This service will verify emails, store vaults, and
This service will be open source and part of our main repository.
Identity Server DB Schema
Users Table
id - Primary key
email - Unique
vaultData - encrypted user vault data
Encrypted<Array<key: binary>>
counter - integer used for concurrency control (write races)
readStatus - Encrypted<SQLiteDB binary> # TO BE DESIGNED
isEmailVerified
Credential
userId - Users.id FR
type - Password,PaperKey,Passkey
metadata - type-specific info.
if passkey: public key of passkey
if password: hash(hash(password) + user.id)
if paperkey: ???
wdek - wrapped data encryption key
EmailVerifications Table
userId - Primary key - Users.id FR
token - random secret
expiryTime
email - the email that is being verified.
If the email is changing, this might not match the Users.email
Domains Table
domain - Primary key
user - Users.id FR
account - account id (public key) of the user's site/acct
EmailNotifications - FUTURE TODO. PLEASE IGNORE
userId - Users.id FR
targetId - what account the user is subscribed to
notifTypes - what sort of events should trigger emails
Hosting Server DB Schema
Create an Account with a Vault
From SiteA, click "Join" button (or create a comment, which will automatically start the join process).
The user will choose an identity provider. Then the user will redirect to that domain, and input their username, domain, or email address:
Now the hyper.media server will go check its database to find this user if they already exist. The server will send a magic link to the user.
Once the user has clicked the magic link, they will then authenticate or re-authenticate using a passkey or password.
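The magic-link step above, checked against the EmailVerifications table, as an added example that is not part of the original design or the project's code. It assumes a 15-minute token lifetime, stores a SHA-256 digest in the token column instead of the raw secret, and uses hypothetical function names (open_db, issue_token, verify_token).

```python
import hashlib
import hmac
import secrets
import sqlite3

TOKEN_TTL = 15 * 60  # seconds; assumed, the page gives no lifetime

def open_db():
    """In-memory stand-in for the Users and EmailVerifications tables."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,"
               " isEmailVerified INTEGER NOT NULL DEFAULT 0)")
    db.execute("CREATE TABLE EmailVerifications (userId INTEGER PRIMARY KEY"
               " REFERENCES Users(id), token BLOB NOT NULL,"
               " expiryTime INTEGER NOT NULL, email TEXT NOT NULL)")
    return db

def issue_token(db, user_id, email, now):
    """Store a pending verification and return the secret for the magic link."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).digest()
    with db:  # userId is the primary key, so a new link replaces the old one
        db.execute("INSERT OR REPLACE INTO EmailVerifications VALUES (?,?,?,?)",
                   (user_id, digest, now + TOKEN_TTL, email))
    return token

def verify_token(db, email, token, now):
    """Return the userId for a valid, unexpired (email, token) pair, else None."""
    presented = hashlib.sha256(token.encode()).digest()
    rows = db.execute("SELECT userId, token, expiryTime FROM EmailVerifications"
                      " WHERE email = ?", (email,)).fetchall()
    for user_id, stored, expiry in rows:
        if not hmac.compare_digest(stored, presented):
            continue
        with db:  # delete and update commit together or not at all
            # Single use: the row goes away even when the link has expired.
            db.execute("DELETE FROM EmailVerifications WHERE userId = ?",
                       (user_id,))
            if now >= expiry:
                return None
            # An email change reaches Users.email only after this proof.
            db.execute("UPDATE Users SET email = ?, isEmailVerified = 1"
                       " WHERE id = ?", (email, user_id))
        return user_id
    return None
```

Because the lookup is keyed on the email being verified, not Users.email, the same path covers both first-time verification and an email change.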
API Endpoints
All of the https://hyper.media/api/vault/* endpoints will route to the identity service.
/api/vault/authenticate
{ email: string }
/api/vault/verify
{
email: string,
validationToken: string,
credential: Credential
}
/api/vault/write
{}
/api/vault/LOL
{}
Open Decisions
Will we integrate this into our existing web and daemon code, or will we run this as a new standalone service (using Caddy or Traefik to proxy appropriately)?
What language will this new service be implemented in?
How will we migrate the existing hosting users and email notification subscribers to the new table?