Skip to content

mlane/identity-continuity-protocol

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 

Repository files navigation

The Identity Continuity Protocol (ICP)

Authentication isn't about who someone is today. It's about never losing them tomorrow.

The Problem: The "Forgotten User"

Most auth systems are built for the moment of login, not the lifetime of a human. They answer "can this person get in right now?" but ignore the harder question: "will this still be the same person in five years?"

The result is identity fragmentation. A user signs in with Google today, with SMS next year, forgets which email they used, changes their phone number, and the system quietly creates a stranger in their place. We don't lose users to bad passwords. We lose them to bad continuity.

The Three Rules

Rule #1: Email as Identity Insurance

A phone number is not a permanent identity. ~35 million phone numbers are recycled every year. A number you own today may belong to a stranger in 2-5 years.

The Rule: Every account must carry an email, even when SMS is the primary auth method. The email does not need to be a verified provider on day one - it can live as a field on the user record (a single updateUser mutation). It exists as the fallback that survives when the phone number doesn't.

Why: When a recycled number tries to sign in after a period of inactivity, the email is the thread that proves who the original human was - and blocks the stranger.

Rule #2: The Preliminary Background Check (Identity Bridging)

Before creating a user, ask: does this human already exist here?

The Rule: On any new auth attempt, perform a lookup by phone number (scoped to tenant/site). If a user exists, derive their external ID, resolve their providers, and offer to link instead of create.

Why: This stops "User 2." It ensures one human maps to one record per site. Instead of fragmenting identity across accounts, the system stitches the human back to themselves: "Welcome back - sign in with Google to continue."

Rule #3: Phone Uniqueness (Email Parity)

A phone number is treated with the same strictness as an email: a unique key.

The Rule: A phone number maps to exactly one user per tenant. Changing a phone number is a deliberate re-link (unlink old, verify new), not a casual overwrite. Validate every new phone against Rule #2 before binding it.

Why: If one number can belong to multiple accounts, the Rule #2 lookup collapses - the system can no longer answer "whose account is this?" Uniqueness is the foundation the entire protocol stands on.

The Source of Truth

Auth is the pure layer. A user is not created until the provider (e.g. Firebase) has signed off - meaning the OTP is entered and the provider data actually changes. It is all-or-nothing: no half-created users from network drops or abandoned flows.

The provider answers "what is verified?" The application database keeps a record, but it never overrides the provider's truth.

The Golden Rule: Verify -> Bridge -> Bind

  1. Verify: Never trust an identifier until the provider confirms ownership (OTP entered, provider added).
  2. Bridge: Before creating anyone, check if they already exist and link instead.
  3. Bind: Enforce uniqueness so every identifier points to exactly one human.

Why This Beats the Standard

Standard auth tutorials optimize for the first login. This protocol optimizes for the fiftieth - across phone changes, provider migrations, years of inactivity, and recycled numbers. It treats identity as something to preserve, not just verify.

About

An opinionated standard for preserving user identity across the entire lifecycle, preventing lost, duplicated, and recycled accounts.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors