
Account creation doesn't take a DID as an input

Open whyrusleeping opened this issue 3 years ago • 2 comments

In looking over the API I noticed that com.atproto.account.create doesn't take a DID as an input. I guess the assumption is that the PDS will create a DID for the user through the PLC server in the backend? I think it's very important that the user can come to a PDS with their own DID and register an account somehow.

whyrusleeping • Dec 06 '22 00:12

PLC DIDs are expected to be allocated by the PDS in most cases. Bundling DID-allocation in the account creation basically simplifies the flow.

Our thinking has been that we can conceptualize "user brings a DID" as part of a migration flow in which case we'll want to implement methods that are designed for that -- likely a variant of account.create which includes ways to upload or transfer the repo.

pfrazee • Dec 06 '22 17:12

I agree with @pfrazee. If I am coming in with an existing DID then the PDS should ask for the latest commit. The first commit at the new PDS should point to the last commit from the old one.

The PDS also needs to provide the DID controller with the key for the PDS to use in signing so the DID controller can update the DID Document to contain the PDS's location and key.

This is likely to be a two-phase action the DID controller

  1. Request key info from the destination PDS
  2. Update the DID Document with the destination PDS's info [note] this can be done by the previous PDS or the recovery key.
  3. Present the destination PDS with the updated DID Document (Operation Log), and last signed commit from previous PDS.
  4. Rotate the recovery key (optional)

Once the destination PDS publishes the first commit with a pointer to the last signed commit from previous PDS, any commits after that from the old PDS are invalid.

AaronGoldman • Dec 06 '22 17:12
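
The ordering rule proposed in the comment above (the first commit at the new PDS points at the last commit from the old one, and later commits from the old PDS are invalid), sketched as an added example that is not part of the thread or of atproto's code. The commit format, the key ids `old-pds` and `new-pds`, and the use of HMAC in place of an asymmetric signature are assumptions made so the check runs on the standard library alone.

```python
import hashlib, hmac, json

def commit_id(c):
    # Constructed commit format (not atproto's): hash over prev, data, signer.
    return hashlib.sha256(json.dumps([c["prev"], c["data"], c["key_id"]]).encode()).hexdigest()

def _mac(secret, cid):
    # HMAC stands in for the PDS's asymmetric signature (assumption for this example).
    return hmac.new(secret, cid.encode(), hashlib.sha256).hexdigest()

def sign(secrets, key_id, prev, data):
    c = {"prev": prev, "data": data, "key_id": key_id}
    c["sig"] = _mac(secrets[key_id], commit_id(c))
    return c

def verify_chain(commits, head, key_log, secrets):
    """Walk prev pointers from head; key_log is the DID key history, oldest first."""
    by_id = {commit_id(c): c for c in commits}
    chain, cur = [], head
    while cur is not None:
        if cur not in by_id:
            raise ValueError("unknown commit in chain")
        chain.append(cur)
        cur = by_id[cur]["prev"]
    chain.reverse()
    rank = lambda cid: key_log.index(by_id[cid]["key_id"])  # ValueError if key not in log
    epoch = 0  # position in key_log; may only move forward along the chain
    for cid in chain:
        c = by_id[cid]
        if not hmac.compare_digest(_mac(secrets[c["key_id"]], cid), c["sig"]):
            raise ValueError("bad signature: " + c["data"])
        if rank(cid) < epoch:
            raise ValueError("old key used after handover: " + c["data"])
        epoch = rank(cid)
        # Fork rule: a newer key has already committed on top of this commit's parent.
        rivals = [x for x in by_id if by_id[x]["prev"] == c["prev"] and x != cid]
        if any(rank(x) > rank(cid) for x in rivals):
            raise ValueError("fork from old key after handover: " + c["data"])
    return chain

# Constructed sample: two commits at the old PDS, a handover, then two late old-PDS writes.
SECRETS = {"old-pds": b"constructed-old-secret", "new-pds": b"constructed-new-secret"}
KEY_LOG = ["old-pds", "new-pds"]
A = sign(SECRETS, "old-pds", None, "post 1")
B = sign(SECRETS, "old-pds", commit_id(A), "post 2")
C = sign(SECRETS, "new-pds", commit_id(B), "first commit at new PDS")
LATE = sign(SECRETS, "old-pds", commit_id(C), "late append from old PDS")
FORK = sign(SECRETS, "old-pds", commit_id(B), "late fork from old PDS")
ALL = [A, B, C, LATE, FORK]
```

With the handover commit `C` known, `verify_chain` accepts the head `C` and rejects both `LATE` (appended after the handover) and `FORK` (a sibling of the handover commit signed by the superseded key).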