OPAQUE API
OPAQUE endpoints are used by DarkAuth’s hosted UIs and internal flows. Application developers normally do not call these endpoints directly unless they are building a custom DarkAuth-compatible UI.
User endpoints
- POST /opaque/register/start
- POST /opaque/register/finish
- POST /opaque/login/start
- POST /opaque/login/finish
Registration creates or replaces the OPAQUE record. Login authenticates against that record and creates session state.
Admin endpoints
Admin login uses separate OPAQUE endpoints under the admin API. Admin accounts are a different cohort from regular users, so their OPAQUE records are stored separately.
Install endpoints
The first admin account is registered through install OPAQUE endpoints. These are only active before initialization.
Security behavior
DarkAuth binds login finish to the server-side OPAQUE login session created during login start. Client-supplied identity fields are not trusted for session minting.
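The binding described above, sketched as an added example (not DarkAuth's code). All names here (`loginStart`, `loginFinish`, `pendingLogins`, `loginSessionId`, the TTL) are hypothetical, and an HMAC challenge stands in for the real OPAQUE messages so the example runs without an OPAQUE library.

```javascript
// Added example with hypothetical names; not DarkAuth's implementation.
const { randomBytes, createHmac, timingSafeEqual } = require("node:crypto");

const LOGIN_TTL_MS = 60_000;      // assumed lifetime of a pending login
const pendingLogins = new Map();  // loginSessionId -> state saved at login start

// Constructed sample store. The per-user key is only a stand-in for the
// OPAQUE record; a real OPAQUE server holds no password-equivalent key.
const records = new Map([
  ["alice", Buffer.from("a".repeat(64), "hex")],
  ["bob", Buffer.from("b".repeat(64), "hex")],
]);

// Stand-in for the OPAQUE finish message: an HMAC over the server challenge.
const proof = (key, challenge) =>
  createHmac("sha256", key).update(challenge).digest();

function loginStart(identity, now = Date.now()) {
  const key = records.get(identity);
  if (!key) return null; // unknown-user handling is out of scope here
  const challenge = randomBytes(32);
  const loginSessionId = randomBytes(16).toString("hex");
  // The identity is pinned server-side next to the expected proof.
  pendingLogins.set(loginSessionId, {
    identity,
    expected: proof(key, challenge),
    expiresAt: now + LOGIN_TTL_MS,
  });
  return { loginSessionId, challenge };
}

function loginFinish(body, now = Date.now()) {
  const state = pendingLogins.get(body.loginSessionId);
  pendingLogins.delete(body.loginSessionId); // single use, even on failure
  if (!state || now > state.expiresAt) {
    return { ok: false, reason: "no_login_session" };
  }
  const given = Buffer.from(String(body.proof || ""), "hex");
  if (given.length !== state.expected.length ||
      !timingSafeEqual(given, state.expected)) {
    return { ok: false, reason: "bad_proof" };
  }
  // body.identity is never read: the session subject comes only from
  // the state stored at login start.
  const sid = randomBytes(16).toString("hex");
  return { ok: true, session: { sub: state.identity, sid } };
}
```

A finish request that carries a valid proof for one account and a different `identity` field still yields a session for the account fixed at login start, and replaying the same `loginSessionId` fails because the pending state is deleted on first use.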