I wrote a proof of concept that allows the user to sign up to a service using their matrix ID e.g @user:server.test. The user then receives an activation link in an encrypted room from the service. It worked quite easily and within 2 days of fumbling around with the matrix SDK in python and FastAPI, here we are.
This has been in my head for a while and I just wanted to see if it’s possible (the proof is in the pudding code). Emails are insecure and national services are starting to implement communication services on top of matrix. It’s a not inconceivable that citizens might get a government issued Matrix account and communicate safely with the government over a secure protocol. Why not allow other services to do the same?
Imagine if instead of providing your email address for signing up to services you used matrix instead. Your host wouldn’t be able to read your messages and it could replace things like 2FA codes over SMS, activation links in emails, or health documents from your doctor’s CMS in your email inbox.
Should there be enough time, I’d like to try and contribute this login method to forgejo (the software behind codeberg that’s hosting this repository), but let’s see. First it would take learning go 😅
You must log in or # to comment.
Hi there, Continuwuity developer here - This seems like an awesome idea! You might also want to see if you can use/extend the new oauth specification from MAS to create a more ‘Log in with Social’ like experience, too, although only Synapse supports that right now
Matrix? For account creation? WTF?
Why not use an existing internet standard instead? There are so many RFCs, something would work.
Like… IRC. Or XMPP.
That’s what RFCs are for.
Matrix was sure a nice idea but still doesn’t work remotely as food as it needs to, to replace email for that. I take an unencrypted insecure email over matrix any day.
Woah, cool idea! I wonder how feasible that would be.
I’d assume that many services were created to send an activation link via email and don’t know how to talk to a Matrix server. In those cases, do they email their activation link to a service or proxy that then communicates it to the appropriate matrix server/account/room?
So can i get rid of simplelogin with something like this?
