#realy #devstr #progressreport
https://github.com/mleku/realy/blob/dev/httpauth/98.adoc
note the new section just before the Request Flow, Expiration Variant
this describes what it is
the code has been modified to allow this form of HTTP auth token and there is now a tool at
https://github.com/mleku/realy/blob/dev/cmd/nauth/main.go
which will generate a token that can be given a specific expiry time and used on multiple paths of a realy
this allows me to make more use of the openapi documentation interface
the JWT flow was just so clunky in comparison, and replicates so much of the entire principle of nostr events, which are in themselves a form of attestation just like a JWT.
for most use cases, you want to follow the existing NIP-98 standard, assuming your client has this integrated, but for cases where you need to use http endpoints with tools that don't integrate nicely, you can make a typical style bearer token that is valid for longer
mleku
npub1fj…mleku
2025-04-02 20:41:04
Author Public Key
npub1fjqqy4a93z5zsjwsfxqhc2764kvykfdyttvldkkkdera8dr78vhsmmlekuPublished at
2025-04-02 20:41:04Event JSON
{
"id": "7a9751c72cb9380917d51781eedb43dcade349d1c309f4fc7588f5e4d247711e",
"pubkey": "4c800257a588a82849d049817c2bdaad984b25a45ad9f6dad66e47d3b47e3b2f",
"created_at": 1743626464,
"kind": 1,
"tags": [
[
"t",
"realy"
],
[
"t",
"devstr"
],
[
"t",
"progressreport"
],
[
"client",
"jumble"
]
],
"content": "#realy #devstr #progressreport\n\nhttps://github.com/mleku/realy/blob/dev/httpauth/98.adoc\n\nnote the new section just before the Request Flow, Expiration Variant\n\nthis describes what it is\n\nthe code has been modified to allow this form of HTTP auth token and there is now a tool at \n\nhttps://github.com/mleku/realy/blob/dev/cmd/nauth/main.go\n\nwhich will generate a token that can be given a specific expiry time and used on multiple paths of a realy\n\nthis allows me to make more use of the openapi documentation interface\n\nthe JWT flow was just so clunky in comparison, and replicates so much of the entire principle of nostr events, which are in themselves a form of attestation just like a JWT.\n\nfor most use cases, you want to follow the existing NIP-98 standard, assuming your client has this integrated, but for cases where you need to use http endpoints with tools that don't integrate nicely, you can make a typical style bearer token that is valid for longer",
"sig": "d3800cd474c05ae2cc994b8ac745d3c9215bd844be089ab3a1bb1a41bbf2cf67c25758b039c4a78938a8669ccc78015a667d6bd586873e1e49abd89a43649b6d"
}