Add option to autobind user's email on registration #51
Conversation
anoadragon453
force-pushed
the
anoa/sydent_internal_bind
branch
from
cb7f92d to
2d09951
Compare
|
For context, we don't plan to port it on mainline because it's using the internal bind API, which is a Sydent-specific feature rather than one from the IS API. |
|
@babolivier This is why I featured sydent so prominently in the config option. Eventually we will need to port this functionality to mainline though. Perhaps it would be better done in a Synapse module (which would be out of scope for this PR)? |
Yeah, I just wanted to keep a written record here of the exact reason why we were doing this :)
Yes I think it should definitely be in a module (e.g. with a post-registration hook). |
|
Ok. If we're not mainlining it in this state though (config option), then I'll just remove the config option. |
|
I'd advocate towards leaving it in - I assume we'll end up with a module that potentially does a lot of stuff and we'll probably want to be able to fine-tune what we run in which setup. |
|
tbh I don't think the config option is necessary to remind us that we should allow configuration of a module later. However, after thinking it over, since we need to provide an IS URL somewhere (and it'd be gross to hard-code that somewhere into the codebase) a configu option is probably the best place to put it, mainline or not. |
anoadragon453
force-pushed
the
anoa/sydent_internal_bind
branch
from
28e802c to
f8e3d1b
Compare
…API (#66) #51 added an option that would automatically bind a user's threepid to a configured identity server after they had registered. Unfortunately, when you bind threepids, ideally you would store that mapping in the database so that later on you can remove those mappings when you deactivate an account. We found that due the fact that we did not store these mappings, threepids were not unbound upon user account deactivation. This PR fixes the issue by creating the mappings again, meaning they will again be removed upon account deactivation.
Adds an option,
bind_new_user_emails_to_sydent, which uses Sydent's internal bind api to automatically bind email addresses of users immediately after they register.This is quite enterprise-specific, but could be generally useful to multiple organizations. This aims to solve the problem of requiring users to verify their email twice when using the functionality of an identity server in a corporate deployment - where both the homeserver and identity server are controlled. It does with while eliminating the need for the
account_threepid_delegates.emailoption, which historically has been a very complicated option to reason about.This is implemented as an option in preparation for potentially mainlining the code.We've decided it should be mainlined in module form instead.TODO: