Hosted on lunaticoin.blog via the Hypermedia Protocol

We currently have a "hosting" server which allows users to register subdomains, associated with emails. Each domain is associated with an account.

There is also a "notify" server which allows users to register for email notifications for a given account. But the notify server does not know which account is registered for notifications.

These are independent services, not part of the central hyper.media service.

Solution

We will unify the hosting service and notify service into the main hyper.media service. This service will verify emails, store vaults, and

This service will be open source, part of our main repository.

Identity Server DB Schema

Users Table
 id - Primary key
 email - Unique
 vaultData - encrypted user vault data
  Encrypted<Array<key: binary>>
 counter - integer to handle concurrency control (write races)
 readStatus - Encrypted<SQLiteDB binary> # TO BE DESIGNED
 isEmailVerified

Credential
 userId - Users.id FR
 type - Password,PaperKey,Passkey
 metadata - type-specific info.
  if passkey: public key of passkey
  if password: hash(hash(password) + user.id)
  if paperkey: ???
 wdek - wrapped data encryption key

EmailVerifications Table
 userId - Primary key - Users.id FR
 token - random secret
 expiryTime
 email - the email that is being verified.
   If the email is changing, this might not match the Users.email

Domains Table
 domain - Primary key
 user - Users.id FR
 account - account id (public key) of the user's site/acct

EmailNotifications - FUTURE TODO. PLEASE IGNORE
 userId - Users.id FR
 targetId - what account the user is subscribed to
 notifTypes - what sort of events should trigger emails

Hosting Server DB Schema

asdf

Create an Account with a Vault

From SiteA, click "Join" button (or create a comment, which will automatically start the join process).

The user will choose an identity provider. Then the user will be redirected to that domain, and input their username, domain, or email address.

Now the hyper.media server will go check its database to find this user if they already exist. The server will send a magic link to the user.

Once the user has clicked the magic link, they will then authenticate or re-authenticate using a passkey or password.

asdf

API Endpoints

All of the https://hyper.media/api/vault/* endpoints will route to the identity service.

/api/vault/authenticate

{ email: string }

/api/vault/verify

{
  email: string,
  validationToken: string,
  credential: Credential
}
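
An added sketch of the magic-link check behind /api/vault/verify, using the EmailVerifications columns from the schema above; it is not code from the Hypermedia project. Python with SQLite, the function names, and the 15-minute token lifetime are assumptions made for the example.

```python
import hmac
import secrets
import sqlite3
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the page does not set one


def open_db():
    # Only the columns this example needs, named as in the schema above.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, isEmailVerified INTEGER DEFAULT 0);
        CREATE TABLE EmailVerifications (
            userId INTEGER PRIMARY KEY REFERENCES Users(id),
            token TEXT NOT NULL, expiryTime INTEGER NOT NULL, email TEXT NOT NULL);
    """)
    return db


def issue_token(db, user_id, email, now=None):
    """Create or replace the user's pending row; return the token to e-mail."""
    now = int(time.time()) if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    with db:  # one row per user, so a new request invalidates the old link
        db.execute("INSERT OR REPLACE INTO EmailVerifications VALUES (?, ?, ?, ?)",
                   (user_id, token, now + TOKEN_TTL_SECONDS, email))
    return token


def verify_token(db, email, validation_token, now=None):
    """Return the verified user id, or None. A token is accepted at most once."""
    now = int(time.time()) if now is None else now
    rows = db.execute("SELECT userId, token, expiryTime FROM EmailVerifications "
                      "WHERE email = ?", (email,)).fetchall()
    # Constant-time comparison so response timing does not leak token prefixes.
    match = next((r for r in rows if hmac.compare_digest(
        r[1].encode(), validation_token.encode())), None)
    if match is None:
        return None
    user_id, _, expiry = match
    with db:
        # Consume the row even if it has expired, so it can never be replayed.
        db.execute("DELETE FROM EmailVerifications WHERE userId = ?", (user_id,))
        if now >= expiry:
            return None
        # The verified address may differ from Users.email during an email change.
        db.execute("UPDATE Users SET email = ?, isEmailVerified = 1 WHERE id = ?", (email, user_id))
    return user_id
```

The credential field of the verify request is not handled here; this covers only the token check that precedes passkey or password authentication.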

/api/vault/write

{}

/api/vault/LOL

{}

Open Decisions

Will we integrate this into our existing web and daemon code, or will we run this as a new standalone service (using Caddy or Traefik to proxy appropriately)?

What language will this new service be implemented in?

How will we migrate the existing hosting users and email notification subscribers to the new table?
