Programming

24972 readers

737 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Follow the programming.dev instance rules
Keep content related to programming in some way
If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 2 years ago

MODERATORS

snowe@programming.dev

Ategon@programming.dev

MaungaHikoi@lemmy.nz

UlrikHD@programming.dev

103

PoC - Use Matrix instead of emails for logins (codeberg.org)

submitted 2 weeks ago by TheOfficial@programming.dev to c/programming@programming.dev

30 comments fedilink hide all child comments

I wrote a proof of concept that allows the user to sign up to a service using their matrix ID e.g @user:server.test. The user then receives an activation link in an encrypted room from the service. It worked quite easily and within 2 days of fumbling around with the matrix SDK in python and FastAPI, here we are.

This has been in my head for a while and I just wanted to see if it's possible (the proof is in the ~~pudding~~ code). Emails are insecure and national services are starting to implement communication services on top of matrix. It's a not inconceivable that citizens might get a government issued Matrix account and communicate safely with the government over a secure protocol. Why not allow other services to do the same?

Imagine if instead of providing your email address for signing up to services you used matrix instead. Your host wouldn't be able to read your messages and it could replace things like 2FA codes over SMS, activation links in emails, or health documents from your doctor's CMS in your email inbox.

Should there be enough time, I'd like to try and contribute this login method to forgejo (the software behind codeberg that's hosting this repository), but let's see. First it would take learning go 😅

you are viewing a single comment's thread
view the rest of the comments

[–] mike_wooskey@lemmy.thewooskeys.com 4 points 2 weeks ago (1 children)

I'd assume that many services were created to send an activation link via email and don't know how to talk to a Matrix server. In those cases, do they email their activation link to a service or proxy that then communicates it to the appropriate matrix server/account/room?

[–] TheOfficial@programming.dev 3 points 2 weeks ago (1 children)

If the existing service doesn't want to use matrix IDs and insists on using email, then there is a matrix-email bridge (postmoogle). If the matrix server has that installed, it will be communicating with email and the service won't have to do anything. Of course, it doesn't make the communication more secure.

The service could also host their own matrix server with postmoogle, send an email with some format to it and a bot on the matrix server then sends it to the matrix ID of the user, but that's way more complicated than just adding some code to support communicating via the matrix protocol outright. I did it in about 50 lines (set up the client, create an encrypted chat room, send a message).

[–] mike_wooskey@lemmy.thewooskeys.com 3 points 2 weeks ago

Thanks for explaining. 🙂