turt2live
commented
1 year ago Please open this against the spec.
Closed erebion closed 1 year ago
turt2live
commented
1 year ago Please open this against the spec.
erebion
commented
1 year ago No, the wish is for someone with the right knowledge to do work defining how this could be implemented.
Nothing that has to do with the spec. We only need to know how web services should handle passwort resets, not have the spec changed for this.
turt2live
commented
1 year ago That is a concern for the spec, though with the transition to OIDC the password reset portion is likely to be moved out of consideration (left as a detail for the authentication provider)
erebion
commented
1 year ago If I have an online shop or a web forum and I want to offer users a way to reset their passwords using Matrix, where does the spec change fit in?
There only needs to be some designing of how a web service should implement this.
turt2live
commented
1 year ago What you're describing is OIDC, which indeed wouldn't touch the spec. This repo is still not the place for such a request.
Matrix (currently, without OIDC) manages user accounts itself, so includes password reset functionality.
erebion
commented
1 year ago Yeah, but if I have a web forum and users that want to reset their password via Matrix then this has nothing to do with OIDC...
erebion
commented
1 year ago After all, Matrix is much better for this than Email. I mean, just look at what a mess email is in terms of security, or rather the lack thereof.
erebion
commented
1 year ago What you're describing is OIDC, which indeed wouldn't touch the spec. This repo is still not the place for such a request.
Also, OIDC is for logging in, it's not even close to the idea.
I'd like to see a standardised way to do password resets via Matrix instead of via Email.