Registration v2 improvements (SPEC-274) #128
Jira watchers: @kegsay
Links exported from Jira: relates to https://github.com/matrix-org/matrix-doc/issues/430
Note that the second and third options for side-effectful stages can be hybridized, so as to retain the separation of concerns where the HS doesn't need to know about how sending emails works, while tying the IS' behavior to the auth flow. Specifically, the "first step" can return a token that the IS needs to be handed in order to trigger the side effect, and then the side-effect carries the information that needs fed into the "fulfillment" step of the auth stage. This might be a perfect application of third-party caveats in macaroons - the information in the side effect (email, etc) can be the discharge macaroon. -- Alex Elsayed
https://github.com/matrix-org/matrix-doc/issues/430 possibly related -- Alex Elsayed
This side note in matrix-org/matrix-spec-proposals#531 :
..is exactly what I want to be tracking. #128 seems very relevant to this effort. Anything else I should be looking into? Simply put, what I want to be tracking is "social logins for a Matrix room/server". As in:
This is an essential login flow for non-technical communities.
It is up to the Homeserver to decide which registration flows it will accept. Presenting buttons like the image above would be ideal for HSes which support OAuth-style registrations/logins, but AFAIK Synapse does not (only LDAP/CAS auth, which is similar but subtly different to OAuth).
v2 registration in its current form has the following problems:
m.login.oauth for Google vs Github)
I had a nice chat with eternaleye about some of these issues and the main points were:
m.login.email.identity) it eagerly sends the email / does the side effect knowing that the client will be able to do the whole thing.
id to distinguish between the same type with different params (E.g. oauth type hitting Google vs Github) which is sent up to the server.
params at the top-level separate from its stage is questionable and in its current form (where this consists of keys with the stage type) don't actually allow you to do the Github vs Google case because you'd clobber params["m.login.oauth"]. Suggestion was to tie params with the actual stage rather than be top-level e.g.
For this to play nicely with ordering, servers would hold back processing later stages even if they have received the data from the client until all previous stages are done (e.g. stages [A,B,C], client submits A,C, only A is processed since they haven't done B yet).
Proposed actions:
id system with coupled params.
(Imported from https://matrix.org/jira/browse/SPEC-274)
(Reported by @kegsay)
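
The ordering rule and the id-with-coupled-params idea from the issue above, as an added example that is not part of the original issue or of any homeserver's code. The Stage, Session and verify names, the provider param and the stage ids A/B/C are assumptions made for illustration; holding back later stages means their side effects never run before the earlier stages have passed.

```python
from dataclasses import dataclass, field

@dataclass
class Stage:
    id: str        # unique within the flow, sent up by the client
    type: str      # stage type, e.g. "m.login.oauth"
    params: dict   # coupled to this stage instead of a top-level dict

def params_by_type(flow):
    """Top-level params keyed by stage type: same-type stages clobber each other."""
    return {s.type: s.params for s in flow}

def params_by_id(flow):
    """Params tied to the stage id: every stage keeps its own."""
    return {s.id: s.params for s in flow}

@dataclass
class Session:
    flow: list
    verify: callable   # hypothetical callback: (stage, auth) -> bool
    completed: list = field(default_factory=list)
    held: dict = field(default_factory=dict)

    def submit(self, stage_id, auth):
        """Accept data for any stage, but process stages strictly in flow order."""
        if stage_id not in {s.id for s in self.flow}:
            raise KeyError(f"unknown stage id: {stage_id}")
        if stage_id not in self.completed:
            self.held[stage_id] = auth
        for stage in self.flow[len(self.completed):]:
            if stage.id not in self.held:
                break                  # earlier stage missing: hold back the rest
            if not self.verify(stage, self.held.pop(stage.id)):
                break                  # rejected: client must resubmit this stage
            self.completed.append(stage.id)
        return list(self.completed)

    @property
    def done(self):
        return len(self.completed) == len(self.flow)

# Constructed sample flow: two stages of the same type with different params.
FLOW = [
    Stage("A", "m.login.oauth", {"provider": "google"}),
    Stage("B", "m.login.email.identity", {}),
    Stage("C", "m.login.oauth", {"provider": "github"}),
]
```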