Please allow local accounts.
Your security reasoning is valid on the surface but it does not hold up to closer inspection.
1.) Let's encrypt is available for years and it's extremely easy to set up https nowadays. Everybody who can fire up a Makerverse Docker container can also fire up e.g. Traefik with let's encrypt.
2.) Your solution doesn't work properly. I have been trying to create an account and when I try to verify my email, I get either "invalid token" or "invalid link" as an error.
Besides that, I simply don't believe you that the account system as it is was done by you because of security concerns for the user. If that was the case, why require an email-address and demand to verify it? As I wrote, let's encrypt is available for years. It would be much easier to integrate let's encrypt into Makerverse than to maintain a whole oauth infrastructure. That would also be much more secure and much more privacy-friendly.
Please allow local accounts.
Your security reasoning is valid on the surface but it does not hold up to closer inspection.
1.) Let's encrypt is available for years and it's extremely easy to set up https nowadays. Everybody who can fire up a Makerverse Docker container can also fire up e.g. Traefik with let's encrypt.
2.) Your solution doesn't work properly. I have been trying to create an account and when I try to verify my email, I get either "invalid token" or "invalid link" as an error.
Besides that, I simply don't believe you that the account system as it is was done by you because of security concerns for the user. If that was the case, why require an email-address and demand to verify it? As I wrote, let's encrypt is available for years. It would be much easier to integrate let's encrypt into Makerverse than to maintain a whole oauth infrastructure. That would also be much more secure and much more privacy-friendly.