Roadmap

LastLogin is currently missing several features that will be necessary to accomplish our goals. Some are listed here.

Custom upstream providers

Users should be able to add their own OpenID Connect provider to use with LastLogin. For example, if they self-host their own OIDC server, they should be able to use that server to add identities for the same domain to LastLogin. This should be possible both by manually adding providers and by using WebFinger to determine the provider automatically for an email address.

This provides the most realistic path towards decentralized login. Imagine if an email provider like Fastmail implemented WebFinger and allowed their users to specify an OIDC provider they want. When a Fastmail user goes to log in to a website, they would enter an email address (or more realistically select one they used previously or have it autofilled by the browser). The site would check the email server using WebFinger to see if the user has their own OIDC server (perhaps also provided by the email provider). If yes, they authenticate directly with their own server. If not, the site defers to LastLogin, which can talk to the custom OIDC server directly.
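The lookup described above can be sketched as follows. This is an added example, not LastLogin's code: it uses the issuer link relation from OpenID Connect Discovery 1.0 and the WebFinger endpoint from RFC 7033, while the function names, the `lastlogin.example` fallback and the strict subject check are assumptions.

```python
import json
import re
from urllib.parse import urlencode, urlsplit

# Link relation that OpenID Connect Discovery 1.0 defines for issuer lookup.
OIDC_ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"
FALLBACK_ISSUER = "https://lastlogin.example"  # placeholder, not a real endpoint


def webfinger_url(email):
    """Build the RFC 7033 query URL on the address's own domain."""
    local, sep, domain = email.rpartition("@")
    # Restrict the domain so user input cannot smuggle a path, port or userinfo.
    if not (sep and local and re.fullmatch(r"[A-Za-z0-9.-]+", domain)):
        raise ValueError("not a usable email address")
    query = urlencode({"resource": "acct:" + email, "rel": OIDC_ISSUER_REL})
    return "https://" + domain.lower() + "/.well-known/webfinger?" + query


def valid_issuer(href):
    """Accept only https URLs with a host and no userinfo, query or fragment."""
    if not isinstance(href, str):
        return False
    try:
        u = urlsplit(href)
        return (u.scheme == "https" and bool(u.hostname)
                and u.username is None and not u.query and not u.fragment)
    except ValueError:
        return False


def choose_issuer(email, jrd_text):
    """Return the user's own issuer from a WebFinger JRD, else the fallback."""
    try:
        jrd = json.loads(jrd_text)
    except ValueError:
        return FALLBACK_ISSUER
    # Strict policy (assumption): the answer must be about the address we asked for.
    if not isinstance(jrd, dict) or jrd.get("subject") != "acct:" + email:
        return FALLBACK_ISSUER
    links = jrd.get("links")
    for link in links if isinstance(links, list) else []:
        if isinstance(link, dict) and link.get("rel") == OIDC_ISSUER_REL:
            if valid_issuer(link.get("href")):
                return link["href"]
    return FALLBACK_ISSUER


def sample_jrd(subject, href):
    """Constructed WebFinger response for demonstration, not a real capture."""
    return json.dumps({"subject": subject, "links": [{"rel": OIDC_ISSUER_REL, "href": href}]})
```

The fetch itself is left out so the sketch runs offline; a caller would request `webfinger_url(email)` over HTTPS and pass the response body to `choose_issuer`.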

Wildcard email support

Many email providers allow "wildcard" email addresses to be created on the fly. For example, if your Gmail address is alice@gmail.com, you can send an email to alice+*@gmail.com, where "*" can be whatever you want. LastLogin should be able to let you fill in that part when you log in to an app or site. This is particularly valuable if you have your own domain name, as you can generate entirely unique email addresses for each app, similar to the way Apple does to preserve user privacy.

QR code login

Since LastLogin doesn't store any user data (it's all kept in cryptographically signed browser cookies), there's no easy way to transfer all your identities to a new device. This can be solved by using QR codes to transfer login data by showing/scanning a code.

Support decentralized login protocols

LastLogin needs to support decentralized login protocols, so that apps and browsers/extensions have someone to talk to. Something like BrowserID from Mozilla Persona, or similar.

Passkeys support

Passkeys would be a great way to get an initial login cookie on LastLogin, rather than requiring users to use a social login provider to bootstrap trust.