israrkhan
commented
6 years ago Thought of the same for a while ago, or we discussed it together? Idk. But what would be nice is to have some sort of visual control of who can read the individual threads. So might be a list visible on topics with external users.
When it comes to authentication, a magic link could work... And probably safer than a static per-user guid-based link I guess?
This idea came up in a discussion at work, inspired by Slack's concept of single/multi-thread guests.
Idea overview
Our use-case for Converse is basically having one thread per ongoing "project" or "discussion". Sometimes threads can be about topics involving outside organisations.
Converse currently only supports a single OIDC authentication source (and, to be honest, only Office365 at the moment due the field naming) for the actual user-base, but it would be interesting to add a concept of per-thread guest users to the software.
The main question is how those users would end up getting authenticated: Ideally no accounts or credentials would have to be created and stored for them.
Possible implementation
One way to do this would be using email-based "magic link" authentication, with no passwords whatsoever.
If Converse was configurable with an SMTP setting (which is useful anyways for future features like post notifications), it could have a feature to generate a guest account, whitelist threads for this guest account and then create on-demand links for the user whenever they'd like to log in. Session duration can probably be relatively long (configurable) so that we avoid having to make them jump through email logins all the time.
Thoughts welcome.