ModuleAPI to provide alternative registration flows

[Half-Shot]

EDIT: After discussions with the team, this a documentation omission rather than a feature request.

We'd like the ability to provide an alternative registration system by way of module. In particular our requirements are that we'd like users to hit register and instantly be granted an account with a randomized userId (but not be nerfed like Guests). This would presumably be quite a simple module, so it would be good to have hooks for that.

[reivilibre]

I wonder if this is already possible (or close to being possible)?

It seems like modules can already specify kind of login they want to handle — what would happen if you invented a login type xyz.betterguest and allowed users to register without any checks (I guess you prevent login / check_auth always returns false — to prevent someone impersonating someone else who already registered)?

#11743 is somewhat involved with 'don't let the user choose a user ID, just give them one and they'll have to live with it'.
It seems like that would open the door to just giving them a randomised user ID (though equally you could probably generate some client-side and keep trying until you get a free one).

EDIT: Here's a reference: https://matrix-org.github.io/synapse/latest/modules/password_auth_provider_callbacks.html#auth_checkers
It says user-defined login types are acceptable. I think this sounds promising!

EDIT: module_api.check_user_exists(user_id) is a thing, reading through the LDAP3 source code (which may be useful as a reference for dynamically registering accounts — not sure how built-in that is). That'd likely be useful in your check_auth to prevent logging in as someone else's ephemeral 'better guest' account.

[babolivier]

#11743 is somewhat involved with 'don't let the user choose a user ID, just give them one and they'll have to live with it'.

It's not anymore.

We'd like the ability to provide an alternative registration system by way of module.

Modules can already define custom authentication flows: https://matrix-org.github.io/synapse/latest/modules/password_auth_provider_callbacks.html

As an aside, #11790 is a thing that's coming up, which allow modules to arbitrary assign a username to new users, which might also be worth looking into. It doesn't interact with custom UIA steps at all though (only allows the module to override the username once the flow completes), so might not entirely be what you need.

I'd be curious to hear about what you think is missing from the password auth provider callbacks to allow for your use case.

[Half-Shot]

I think I am just a little confused on password auth providers vs registration. When I read the docs I could only see ways to interact with authentication, rather than registration. I suppose I could invent a login type that autogenerates an account, but I did want to craft something around /register.

This might be better off in a chat than on GitHub :)

As an aside, #11790 is a thing that's coming up, which allow modules to arbitrary assign a username to new users

This would possibly cover it, though there may be some complexity that we would only want this for one registration flow (guest-like) so I think we'd still need a flow.

[Half-Shot]

Okay, so @babolivier confirmed to me OOB that Modules can hook into UIA and it's probably sensible for the Module API to document them. I'll rephrase the issue.

[babolivier]

From chat, it sounds like password auth providers might work, but the documentation is confusingly saying that they're for auth. While it's correct (since registration uses UIA), it could use some spelling out in the docs. I've opened #11800 to track this, in the meantime I'll close this - @Half-Shot feel free to reopen if you find out that the current module interface is missing things.

[babolivier]

Oh huh, it looks like we clashed here :/
Let's keep this one closed and use #11800 to track the docs improvement since it won't have as much noise in its history.