Adjust login to be friendlier to saving and restoring passwords #7

Open
pontaoski opened this issue Jan 21, 2021 · 5 comments
Labels
enhancement New feature or request

Comments

@pontaoski
Member

Currently, the highly dynamic nature of login makes it hard for clients other than web browsers that see "that's a username and that's a password field, let's autocomplete" to fill passwords, or better yet, save login details in the OS-provided wallet and attempt to create a new session when the old one expires.

@pontaoski pontaoski added the enhancement New feature or request label Jan 21, 2021
@bluskript
Member

chrome seems to be autofilling the fields just fine for me... Saving login credentials in a wallet sounds kinda risky (i'd much rather only store sessions), and overall integrating it with the auth system might be too flaky (what if the app runs into a captcha while logging in?)

@pontaoski
Member Author

the point of the OS wallet is to provide storage for credentials and whatnot.

> chrome seems to be autofilling the fields just fine for me.

> it hard for clients other than web browsers that see "that's a username and that's a password field, let's autocomplete" to fill passwords

matrix's model of predefined authentication methods in the protocol makes this easy. if it's a m.login.password, the client can know to persist the account information. at startup, the client can simply post this step. if it succeeds, it progresses beyond that step (either to captcha step, session, or something else the homeserver sends). if it fails, the client simply enters the login screen as normal.

@bluskript
Member

bluskript commented Jan 21, 2021

Clients could just use FormField.name to identify fields in that case. https://github.com/harmony-development/protocol/blob/main/auth/v1/auth.proto#L44

@pontaoski
Member Author

either way, i think we should have a way for clients with information saved to be able to automatically go "can you do something with this password form" instead of having to rely on the user to select a choice in the UI

@bluskript
Member

bluskript commented Jan 21, 2021

I suppose. Clients can probably just manually invoke NextStep after setting the appropriate fields.

(it would probably look like a tape recorder playing back to the user though as the steps are being filled out :harold:)
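
The replay flow discussed in this thread (fill fields by name, submit the step, fall back to the login screen on rejection or on a step the client cannot answer), as an added example that is not part of the issue or of the Harmony code base. The step dictionaries, the `next_step` callback standing in for the NextStep call, and the `SAVED` dictionary standing in for an OS wallet entry are assumptions made for illustration.

```python
# Assumed, simplified step shapes; not the real auth.proto messages.
SAVED = {"email": "user@example.org", "password": "constructed-secret"}  # stands in for an OS wallet entry
SECRET_FIELDS = {"password"}
LOGIN = {"kind": "form", "id": "login", "fields": [
    {"name": "email", "type": "email"},
    {"name": "password", "type": "password"}]}  # constructed sample step

def fill_form(step, saved):
    """Return values for a form step, or None when the user has to handle it."""
    values = {}
    for field in step["fields"]:
        name, ftype = field["name"], field["type"]
        if name not in saved:
            return None  # captcha or anything else that was never stored
        if name in SECRET_FIELDS and ftype != "password":
            return None  # refuse to put a secret into a non-password field
        values[name] = saved[name]
    return values

def auto_login(first_step, next_step, saved, max_steps=5):
    """Replay saved credentials. Returns ("session", token) or ("interactive", step)."""
    step = first_step
    for _ in range(max_steps):
        if step["kind"] != "form":
            break  # session reached, or a choice/waiting step that needs the user
        values = fill_form(step, saved)
        if values is None:
            break
        reply = next_step(step["id"], values)
        if reply is None:
            return ("interactive", first_step)  # rejected: show the normal login screen
        step = reply
    if step["kind"] == "session":
        return ("session", step["token"])
    return ("interactive", step)

def make_fake_server(password, with_captcha=False):
    """Constructed stand-in for the server side of the step exchange."""
    calls = []
    def next_step(step_id, values):
        calls.append(step_id)
        if step_id != "login" or values.get("password") != password:
            return None
        if with_captcha:
            return {"kind": "form", "id": "captcha",
                    "fields": [{"name": "captcha", "type": "text"}]}
        return {"kind": "session", "token": "constructed-token"}
    next_step.calls = calls
    return next_step
```

The type check in `fill_form` means a form that reuses the name `password` on a plain text field is handed to the user instead of being filled from storage.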
