Closed erebion closed 1 year ago
Please open this against the spec.
No, the wish is for someone with the right knowledge to do work defining how this could be implemented.
Nothing that has to do with the spec. We only need to know how web services should handle passwort resets, not have the spec changed for this.
That is a concern for the spec, though with the transition to OIDC the password reset portion is likely to be moved out of consideration (left as a detail for the authentication provider)
If I have an online shop or a web forum and I want to offer users a way to reset their passwords using Matrix, where does the spec change fit in?
There only needs to be some designing of how a web service should implement this.
What you're describing is OIDC, which indeed wouldn't touch the spec. This repo is still not the place for such a request.
Matrix (currently, without OIDC) manages user accounts itself, so includes password reset functionality.
Yeah, but if I have a web forum and users that want to reset their password via Matrix then this has nothing to do with OIDC...
After all, Matrix is much better for this than Email. I mean, just look at what a mess email is in terms of security, or rather the lack thereof.
What you're describing is OIDC, which indeed wouldn't touch the spec. This repo is still not the place for such a request.
Also, OIDC is for logging in, it's not even close to the idea.
I'd like to see a standardised way to do password resets via Matrix instead of via Email.