NOTE: This feature is beta: it is considered stable enough for production but is incomplete and may contain bugs.
Registration is an enhanced feature of mxisd to control registrations involving 3PIDs on a Homeserver based on policies:
- Match pending 3PID invites on the server
- Match 3PID pattern, like a specific set of domains for emails
- In further releases, use 3PIDs found in Identity stores
It aims to help open or invite-only registration servers control what is possible to do and ensure only approved people can register on a given server in a implementation-agnostic manner.
IMPORTANT: This feature does not control registration in general. It only acts on endpoints related to 3PIDs during
the registration process.
As such, it relies on the homeserver to require 3PIDs with the registration flows.
This feature is not part of the Matrix Identity Server spec.
mxisd needs to be integrated at several levels for this feature to work:
- Reverse proxy: intercept the 3PID register endpoints and act on them
- Homeserver: require 3PID to be part of the registration data
Later version(s) of this feature may directly control registration itself to create a coherent experience
location ~* ^/_matrix/client/r0/register/[^/]+/requestToken$ {
proxy_pass http://localhost:8090;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}TBC
enable_registration: true
registrations_require_3pid:
- emailSee the Configuration introduction doc on how to read the configuration keys.
An example of working configuration is available at the end of this section.
register.allowed, taking a boolean, can be used to enable/disable registration if the attempt is not 3PID-based.
false is the default value to prevent open registration, as you must allow it on the homeserver side.
register.invite, taking a boolean, controls if registration can be made using a 3PID which matches a pending 3PID invite.
true is the default value.
At this time, only email is supported with 3PID specific configuration with this feature.
Base key: register.threepid.email
If you would like to control which domains are allowed to be used when registering with an email, the following sub-keys are available:
domain.whitelistdomain.blacklist
The value format is an hybrid between glob patterns and postfix configuration files with the following syntax:
*<domain>will match the domain and any sub-domain(s).<domain>will only match sub-domain(s)<domain>will only match the exact domain
The following table illustrates pattern and matching status against example values:
| Config value | Matches example.org |
Matches sub.example.org |
|---|---|---|
*example.org |
Yes | Yes |
.example.org |
No | Yes |
example.org |
Yes | No |
For the following example configuration:
register:
policy:
threepid:
email:
domain:
whitelist:
- '*example.org'
- '.example.net'
- 'example.com'- Users can register using 3PIDs of pending invites, being allowed by default.
- Users can register using an email from
example.organd any sub-domain, only sub-domains ofexample.netandexample.combut not its sub-domains. - Otherwise, user registration will be denied.
Nothing special is needed. Register using a regular Matrix client.