(no title)

Each client generates an ECDSA P-256 keypair locally (IndexedDB, private key non-extractable, never leaves the device). The client authenticates with Keycloak once and sends their public key to the Gryt Identity Service, which issues an identity certificate: a CA-signed JWT binding the public key to the user's Gryt ID. This isn't a bearer token; it only proves key ownership.

When joining a server, the flow is challenge-response: the server sends a nonce, the client signs a short-lived assertion JWT (bound to that server + nonce, 60s TTL) with their private key, and sends it along with the certificate. The server verifies the certificate against the CA's JWKS, extracts the public key, and verifies the assertion signature.

So servers never see the Keycloak token or password. They only verify the CA-signed certificate and proof-of-possession via the signed assertion. The identity system is now fundamentally key-pair-based.