Adding support for email identity #3061
Conversation
silva-fj
force-pushed
the
p-685-add-support-for-email-identity
branch
from
99fcc5c
to
616816c
Compare
| fn send(&mut self, mail: Mail) -> Result<(), String> { | ||
| let sendgrid_mail = SendGridMail::new(self.from.clone(), mail); | ||
| self.client | ||
| .post(String::default(), &sendgrid_mail) |
There was a problem hiding this comment.
This means sendgrid account owner knows what emails were linked and when ?
There was a problem hiding this comment.
This is an interesting point. The SendGrid account owner could know what emails requested the verification code in the last few days, but this is true for any service. We would have to setup and manage our own SMTP server if we want to prevent this, but even if we do that it would be very difficult to convince users that this is really the case. There has to be some level of trust for this solution. Another solution could be to add the option to verify with ZK proofs, so users can decide what to use. The tradeoff is that the UX is really bad
There was a problem hiding this comment.
I haven't tested it but the logic looks good!
Do you know if we still have SendGrid account? @jonalvarezz
I remember we had it for MCP
tee-worker/litentry/core/identity-verification/src/web2/email/mailer/mod.rs
Outdated
Show resolved
Hide resolved
This reverts commit bf6e31e.
BillyWooo
added
the
C1-noteworthy
This PR adds support for email identities.
Important notes:
We have some limitations due to our current rust tool chain version and the compatibility with sgx environment, so we can't use the available libraries to send emails (via SMTP). After exploring some options available I found SendGrid to be the most convenient option (IMO). It provides an api we can use to send emails via http, the services are reliable and the pricing is reasonable. So, I have implemented a sengrid mailer. Having said that, we could easily migrate to other options if needed in the future.
We may as well need some design for the email template, for now I've added an example template that looks like this:
The flow is the following:
identity_requestEmailVerificationwith the prime identity and the email address.We need to create/setup an account in SendGrid and setup the email address that is going to be used to send the verification templates, then the following env variables need to be defined:
SENDGRID_API_KEYSENDGRID_FROM_EMAILThis PR (#3063) needs to be merged first
Important
Please note that similar to the OAuth2 verification, we need to implement "native" requests for this to work with multi-worker setup, as verification codes are stored in memory and not synced between workers.