YunoHost-Apps / mautrix_signal_ynh

Matrix signal package for YunoHost
GNU Affero General Public License v3.0

Detail how to get <access token> in readme #68

Open Thatoo opened 1 year ago

Thatoo commented 1 year ago

In the Readme, it is written:

> Double puppeting
>
> Log in with `login-matrix <access token>`
> After logging in, the default Matrix puppet of your Signal account should leave rooms and your account should join all rooms the puppet was in automatically.

Would it be possible to explain how a user can get this?

MayeulC commented 1 year ago

Right. The simplest way is just to copy-paste it from an existing client.

Screenshot from Element ![image](https://user-images.githubusercontent.com/3952726/200815398-63cb5244-0f11-4b6f-8f7e-eb5d82ffeb09.png)

However, this has the downside of tying these sessions together: if logging out of that client, both the puppet and the client will be logged out. I suggest opening https://app.element.io in a private browsing session and logging in there to obtain a fresh access token, then giving that to the bridge, and closing the private browsing session.

There are other possibilities, including logging in with curl on the command line, but it's probably easier to use a Matrix client, which is likely to support the authentication flow (Password, Single-Sign-On, 2FA, etc) requested by your Matrix server.

See also: https://webapps.stackexchange.com/questions/131056/how-to-get-an-access-token-for-element-riot-matrix

Mautrix doc (note that it's possible to automatically generate tokens for the local matrix server users, we should probably add support for this somewhere after #24): https://docs.mau.fi/bridges/general/double-puppeting.html?highlight=token#manually

The Matrix specification regarding this lives there: https://www.matrix.org/docs/guides/client-server-api#login

I should probably make a wiki entry or something, or at least link to this answer from the Readme, you are right.

Thatoo commented 1 year ago

Thank you for this explanation, and I guess it is indeed a good start to make a link to this answer in the Readme. Reading the link you gave, I reached https://docs.mau.fi/bridges/general/double-puppeting.html#automatically and I wonder if it would not be a good idea to make a yunohost matrix-synapse-shared-secret-auth app? This app could then be used by all the different bridges that allow double puppeting.

Thatoo commented 1 year ago

When I tried with the access token of my Element desktop, the bot told me: "The given access token is for a device that has encryption keys set up. Please provide a fresh token, don't reuse one from another client." I'll try with https://app.element.io/

MayeulC commented 1 year ago

Ah, good catch, I didn't think of this. I'm not sure it will work with element.io, then :/

The shared app is indeed a good idea, but that's one more thing admins will need to take care of.

Thatoo commented 1 year ago

I tried on app.element.io and I got the same answer from the bot...

Thatoo commented 1 year ago

I succeeded with this command, run over SSH on my server:

```
curl -XPOST -d '{"type":"m.login.password","identifier":{"type": "m.id.user", "user": "MYYUNOHOSTUSERNAME"},"password":"MYYUNOHOSTPASSWORD","initial_device_display_name":"signal bridge"}' https://MYYUNOHOSTSYNAPSESERVERADDRESS/_matrix/client/v3/login
```

Thatoo commented 1 year ago

Actually, would it not be possible to modify the signalbot command matrix-login in a way that, if the user doesn't add any (leaves it blank, no argument to the command), then the client (Element) would ask for the password that will allow the mautrix-signal service to launch this command and get a specific ?

MayeulC commented 1 year ago

It would require changing both the client (Element) and the bot, agreeing on a protocol, and this might open a whole new can of worms.

Unfortunately, password login may be disabled on some servers, making the curl method impossible to use. Not to mention not user-friendly. We could use a modified version of Element or another dummy web app, that does not set up encryption, and host it.
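
An added example, not part of the thread or of the project's code: the password login from the curl command above, written so the password is prompted for instead of appearing in argv or shell history, and so it first checks that the server offers `m.login.password` at all. The host and user names in the usage comment are constructed; the function names are this example's own.

```python
"""Fetch a fresh Matrix access token for double puppeting (added example)."""
import getpass
import json
import sys
import urllib.request

LOGIN_PATH = "/_matrix/client/v3/login"  # endpoint used in the thread's curl command


def password_login_offered(flows_body: dict) -> bool:
    """True if the GET /login response advertises m.login.password."""
    return any(f.get("type") == "m.login.password" for f in flows_body.get("flows", []))


def build_login_body(user: str, password: str, device_name: str = "signal bridge") -> dict:
    """Same JSON as the curl command; no device_id, so the server creates a new device."""
    return {
        "type": "m.login.password",
        "identifier": {"type": "m.id.user", "user": user},
        "password": password,
        "initial_device_display_name": device_name,
    }


def extract_token(login_response: dict) -> str:
    """Return access_token; raise if the body carries an error instead."""
    if "access_token" not in login_response:
        raise ValueError(login_response.get("errcode", "no access_token in response"))
    return login_response["access_token"]


def fetch_token(base_url: str, user: str, password: str) -> str:
    url = base_url.rstrip("/") + LOGIN_PATH
    if not url.startswith("https://"):
        raise ValueError("refusing to send a password over a non-HTTPS URL")
    with urllib.request.urlopen(url, timeout=10) as resp:  # GET lists the login flows
        if not password_login_offered(json.load(resp)):
            raise RuntimeError("server does not offer m.login.password")
    req = urllib.request.Request(
        url, data=json.dumps(build_login_body(user, password)).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return extract_token(json.load(resp))


if __name__ == "__main__":
    # Usage: python3 get_token.py https://matrix.example.org alice  (constructed names)
    secret = getpass.getpass("Matrix password: ")  # never in argv or shell history
    print(fetch_token(sys.argv[1], sys.argv[2], secret))
```

The printed token is a credential for the account: paste it to the bridge bot and do not leave it in the terminal scrollback or a file.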