Key reset for EX #2415
Comments
Note: to make the reset as non-destructive as possible, we should ensure that all clients have a local copy of what is in the backup (import all in background at least once): https://github.com/element-hq/crypto-internal/issues/273
The proposal looks sane to me. We need to estimate the work. What is the expected time for this? Should we wait for https://github.com/element-hq/crypto-internal/issues/273 to land, to be as non-destructive as possible? Should we add this reset flow to the app backup settings?
Generally speaking, yes, all clients should have a copy of all the secrets. But the scenario we are mainly looking at right now is that you're trying to sign in an EX device but you don't have other devices to verify with and have lost your recovery key. In this case this doesn't help, does it? We should therefore not wait for it to land. Priority should be on the non-MAS flow as this is what most users are confronted with today.
As we've already made device verification mandatory on EX, we'd like to see this land as soon as possible. The designs are expected to be finished this week.
I have updated the OP. The designs are now final and this is ready for engineering.
Story
As a user, I have to be able to reset my encryption ("crypto identity") so that I am able to use the app when I sign in to a new session and have no other device or recovery key to verify the device with.
Concept
As we have two authentication modes today (legacy password auth / OIDC), we have to support two different flows for key reset that are outlined in the technical concept below.
Priority should be on 1 as MAS has not been rolled out widely yet and most users fall into this category.
Designs
Remarks
As per the document and designs above, the entry point for crypto identity reset is the session verification screen, from where the user can choose to use the "Can't confirm" option to proceed with the reset.
The session verification screen:
Use another device option if this is the last session
Use recovery key option if recovery hasn't been previously set up
Resetting itself can be done in 2 different ways based on the session type:
For both flows the following stand:
Scope
Android
iOS
Web