Cameron Garnham

### Proposal for invitation specification: - Invitations are generated by users. - Invitations linked to the account that generated them. - Invitation may be used a configurable number of times....

@WarmBeer and @BelieveInBunny I have written a proposal for the protocol for the Invitations. This protocol avoids the server storing any secrets for the creation of invitations.

@BelieveInBunny I have updated the proposal to assure that a hashed token cannot be reused in multiple invitations. (using a server supplied salt).

@WarmBeer, @BelieveInBunny, @george-avn My first protocol proposal works in a similar way as hashed passwords, the server doesn't store any passwords directly, but only a hashed image of the password...

@BelieveInBunny Great! I will write the signed invitation specification, until then work on the other tasks. 👍

### Signed Invitation Codes This is an alternative specification for making Invitation Codes. This specification has a specific advantage on-top-of the Normal Invitation Codes: Non-Interactive Code Generation. #### Non-Interactive Code...

@WarmBeer @BelieveInBunny @george-avn Please Review. 👍

Hey @WarmBeer, Sure, There are in-fact two competing proposals: Invitation Codes (Interactive Code Generation): https://github.com/torrust/torrust-index/issues/30#issuecomment-1140321853 Signed Invitation Codes (Non-interactive Code Generation): https://github.com/torrust/torrust-index/issues/30#issuecomment-1140497385 --- The main advantage of the non-interactive code...

Hello Mick, I think that we should have a more comprehensive account setup process. 1. Rate Limiting captcha. + Acceptance of Terms + (Invitation) 2. Give Account Registration Recovery Code...

@WarmBeer I've updated the account_recovery_code part to be more descriptive.