How Portable Profile IDs Work
A portable profile ID is the stable identifier your app uses to recognize a DeadArk user across sessions and apps — without ever touching their private account.
- A portable profile ID is a stable identifier representing a user’s public identity across apps.
- It is what your app stores to recognize a returning user — key your records on it.
- The private account UUID is never exposed; profile and account are deliberately separate layers.
- Portability means the same identity can be recognized across the apps a user signs into.
What a portable profile ID is
A portable profile ID is the stable identifier your app receives for a user who signs in with DeadArk. It represents the user's public, profile-level identity — the thing that is meant to be shared with apps and recognized consistently — and it is what you store to know that two sessions belong to the same person.
The word *portable* is the important part. The same profile identity is recognizable across the different apps a user authenticates into, which is what makes "bring your identity with you" real rather than rhetorical.
Profile layer vs. account layer
DeadArk deliberately separates two things most systems blur together:
- The account is the user's private root — their underlying record, credentials, and recovery. This layer is never exposed to integrating apps.
- The profile is the public identity built on top of the account — the portable identifier and public claims that apps are allowed to see.
Your integration lives entirely at the profile layer. You identify users by their portable profile ID and read public claims; you never see, store, or depend on the private account UUID. This boundary is a feature: it gives you exactly enough to recognize a user and nothing you could leak to harm them.
How to use it in your app
- Key your user records on the portable profile ID. When a user signs in, look up your account record by this identifier; create one if it is their first time.
- Do not key on mutable display data. Names and avatars can change; the profile ID is the stable anchor.
- Treat it as the identity, not a secret. It is an identifier, not a credential — your security comes from the OAuth/PKCE flow, not from hiding the ID.
Why portability matters for your users
Because the profile ID is portable, a user who signs into your app is arriving as *themselves* — the same identity they carry elsewhere — rather than as a brand-new, isolated account. That continuity is good for users (one identity, not fifty) and good for you (a real, verified identity backed by passkey authentication, with no password to manage).
It also respects exit: because identity lives at the portable profile layer rather than being trapped in any one app, users retain ownership of who they are. Your app is a place they use their identity, not a place that owns it.
The short version
A portable profile ID is the stable, public, cross-app identifier you store to recognize a DeadArk user — separate by design from the private account UUID, which integrating apps never see.
Frequently asked questions
What is a portable profile ID?
A portable profile ID is the stable identifier representing a user’s public, profile-level identity across apps. Your app stores it to recognize a returning user and keys account records on it.
Why doesn’t my app receive the account UUID?
DeadArk separates the private account layer from the public profile layer. Integrating apps work only at the profile layer, so they get enough to recognize a user and nothing they could leak to harm them.
Should I treat the profile ID as a secret?
No. It is an identifier, not a credential. Security comes from the OAuth 2.1 / PKCE flow; you key your user records on the profile ID rather than hiding it.
More in Developers
A practical security checklist for integrating Sign in with DeadArk: PKCE, state, redirect URIs, server-side exchange, scopes, and safe identity storage.
How OAuth 2.1, PKCE, and passkeys fit together to give your app phishing-resistant login — and why this combination closes the gaps older flows left open.
A step-by-step guide to adding Sign in with DeadArk to your app: register a client, run the PKCE flow, exchange the code, and read profile claims.
DeadArk is a local social network for people, communities, businesses, projects, publications, and institutions to connect through shared interests and place. Learn more at deadark.com.