this post was submitted on 16 Jan 2026
103 points (95.6% liked)

Programming

25296 readers
1027 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 2 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
UlrikHD@programming.dev
bugsmith@programming.dev
Spyro@programming.dev
103
PoC - Use Matrix instead of emails for logins (codeberg.org)
submitted 2 weeks ago by TheOfficial@programming.dev to c/programming@programming.dev
30 comments fedilink hide all child comments
 

I wrote a proof of concept that allows the user to sign up to a service using their matrix ID e.g @user:server.test. The user then receives an activation link in an encrypted room from the service. It worked quite easily and within 2 days of fumbling around with the matrix SDK in python and FastAPI, here we are.

This has been in my head for a while and I just wanted to see if it's possible (the proof is in the ~~pudding~~ code). Emails are insecure and national services are starting to implement communication services on top of matrix. It's a not inconceivable that citizens might get a government issued Matrix account and communicate safely with the government over a secure protocol. Why not allow other services to do the same?

Imagine if instead of providing your email address for signing up to services you used matrix instead. Your host wouldn't be able to read your messages and it could replace things like 2FA codes over SMS, activation links in emails, or health documents from your doctor's CMS in your email inbox.

Should there be enough time, I'd like to try and contribute this login method to forgejo (the software behind codeberg that's hosting this repository), but let's see. First it would take learning go 😅

you are viewing a single comment's thread
view the rest of the comments
[–] erebion@news.erebion.eu 1 points 2 weeks ago (2 children)

Proticols dont do any thing. Platforms/implementations do

Protocols ensure interoperability between implementations, platforms are not necessary. XMPP works just fine without it.

there are extentions that support e2e, I was just saying that is core to Matrix spec and thus every implementation.

No, there are many implementations that in fact do not support E2EE and also many that cannot keep up with the many protocol changes.

Heck, I’d think Matrix, Nostr, and XMPP would better than email, which itself is better than shudders propritary “social” media, or plutocrat accounts like Google, Apple, or Microsoft.

I partly agree. Email has issues, but largely works. Proprietary "social" media is just hell. I haven't looked into Nostr yet, but am going to. Matrix is slow, XMPP has proven to work well for a while, it has been around since 1999 after all. It is extensible, which means you can make it work just as well in the future.

Not a fan of Matrix in particular, but I guess it's still better than Facebook, but that's not a high bar.

[–] fruitycoder@sh.itjust.works 1 points 2 weeks ago

What Matrix servers and clients don't support e2ee?

[–] fruitycoder@sh.itjust.works 0 points 2 weeks ago

I mean out of date software is going to lose compatabilty with encryption.