Allow self-registration for bots

[gabrc52]

For now, registration is disabled and email account login is disabled too. So we might need a way for people to register their bots, similar to the Discord developer portal.

Maybe all bots should start with bot_ or bot- or something like that, so they don’t take people’s usernames.

We could use registration tokens, and is also a possible solution to have external users/guests/etc.

We should let people make more accounts for bots. I am thinking for UX reasons, it is best to disable password authentication otherwise people will try to make accounts or sign in with their kerb password or all sorts of stuff. So I’m thinking JSON web tokens could work: https://matrix-org.github.io/synapse/latest/jwt.html

We could make a nice UI that generates JWTs for people and it should also let people get their bot access token.

Of course, if few people are going to create bots, manually creating accounts in response to emails would probably work just fine...

[gabrc52]

It does seem like JWTs are actually pretty nice and they're stateless but you can set their expiration date, so they're not necessarily permanent. This doesn't seem that hard to make actually.

Alternative: https://github.com/devture/matrix-synapse-shared-secret-auth

[gabrc52]

I think JWTs are either for a completely different purpose, and if only used in the backend, probably completely overkill.

However making an appservice claim all accounts ending with bot and then using the app service API to create the accounts and get access tokens sounds like a reasonable solution.