Programming

25079 readers

62 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Follow the programming.dev instance rules
Keep content related to programming in some way
If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 2 years ago

MODERATORS

snowe@programming.dev

Ategon@programming.dev

UlrikHD@programming.dev

bugsmith@programming.dev

Spyro@programming.dev

103

PoC - Use Matrix instead of emails for logins (codeberg.org)

submitted 2 weeks ago by TheOfficial@programming.dev to c/programming@programming.dev

30 comments fedilink hide all child comments

I wrote a proof of concept that allows the user to sign up to a service using their matrix ID e.g @user:server.test. The user then receives an activation link in an encrypted room from the service. It worked quite easily and within 2 days of fumbling around with the matrix SDK in python and FastAPI, here we are.

This has been in my head for a while and I just wanted to see if it's possible (the proof is in the ~~pudding~~ code). Emails are insecure and national services are starting to implement communication services on top of matrix. It's a not inconceivable that citizens might get a government issued Matrix account and communicate safely with the government over a secure protocol. Why not allow other services to do the same?

Imagine if instead of providing your email address for signing up to services you used matrix instead. Your host wouldn't be able to read your messages and it could replace things like 2FA codes over SMS, activation links in emails, or health documents from your doctor's CMS in your email inbox.

Should there be enough time, I'd like to try and contribute this login method to forgejo (the software behind codeberg that's hosting this repository), but let's see. First it would take learning go 😅

you are viewing a single comment's thread
view the rest of the comments

[–] JadedBlueEyes@programming.dev 19 points 2 weeks ago (1 children)

Hi there, Continuwuity developer here - This seems like an awesome idea! You might also want to see if you can use/extend the new oauth specification from MAS to create a more 'Log in with Social' like experience, too, although only Synapse supports that right now

[–] TheOfficial@programming.dev 5 points 2 weeks ago (1 children)

Hey @JadedBlueEyes@programming.dev, are you talking about Synapse's SSO implementation? I've had to deal with SAML before and it wasn't a particularly joyful experience but since synapse makes it possible, it would indeed be a useful contribution to Forgejo too! Maybe it's just a question of providing documentation and some example configs for Forgejo to make instance owners aware of the Synapse SSO capabilities.

The reason I went with this is implementation is because email just seems to be a notification and communication channel used by other services. Giving the additional option of using Matrix could be easier for devs than figuring out SAML or OIDC.

Question about continuwuity: how can I create an admin user? It might be missing from the doc and the docker image doesn't have a register_new_matrix_user script.

[–] JadedBlueEyes@programming.dev 2 points 2 weeks ago

I'm talking about https://github.com/element-hq/matrix-authentication-service which is the only implementation of https://github.com/matrix-org/matrix-doc/pull/3861 right now.

Yeah, saml is a nightmare! Never make me touch saml, please 🥺

In Continuwuity, the first user created is the admin user - so creating a user using either a registration token, or an admin command via --exec, the emergency password, the interactive console, etc would work.