Take a look at this prototype. It's a Nostr signer web-app - it works in your browser, doesn't need extensions, and stores your keys locally.
I love the recent ideas by PABLOF7z (npub1l2v…ajft) and Rabble (npub1wmr…g240) about OAuth-like nostr signup/login flows, but OAuth is so smooth because it works on the web - no extensions or apps needed. And the only Nostr web-signing option we had until now was to give custody of your keys to a remote nsecbunker, or paste nsec into every app.
This app, though, is a pure web app, and it does signing locally. It uses NIP46 just like nsecbunker, so it shouldn't be too hard for apps to start supporting it - the one that already works is Snort. With nip05 names added on top we can make signup/login flows that are very smooth and users would only deal with email-like usernames and passwords, without the custody of keys by third-parties.
Ok, let's watch the demo. Your eyes will bleed, but it's a prototype. Maybe #nostrdesign team would help us turn it into something pleasant.
This approach technically works across devices, but that's unreliable on mobile if device is locked, plus your devices are offline sometimes, so the best way would be to have this app store keys on each of your devices so that at least one instance of the signer is always online (on the device you're using right now). That's why this app has built-in password-protected cloud sync for keys.
It's open source.
App: https://login.nostrapps.org
Client: https://github.com/nostrband/noauth
Server: https://github.com/nostrband/noauthd
brugeman
npub1xd…mntxy
2023-12-01 17:51:48
Author Public Key
npub1xdtducdnjerex88gkg2qk2atsdlqsyxqaag4h05jmcpyspqt30wscmntxyPublished at
2023-12-01 17:51:48Event JSON
{
"id": "1b9c5a48f2c89c887d0f5f39c5ed8f4f8fb2d08f7b63341636098e2db6657829",
"pubkey": "3356de61b39647931ce8b2140b2bab837e0810c0ef515bbe92de0248040b8bdd",
"created_at": 1701453108,
"kind": 1,
"tags": [
[
"p",
"fa984bd7dbb282f07e16e7ae87b26a2a7b9b90b7246a44771f0cf5ae58018f52"
],
[
"p",
"76c71aae3a491f1d9eec47cba17e229cda4113a0bbb6e6ae1776d7643e29cafa"
],
[
"t",
"nostrdesign"
]
],
"content": "Take a look at this prototype. It's a Nostr signer web-app - it works in your browser, doesn't need extensions, and stores your keys locally.\n\nI love the recent ideas by nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft and nostr:npub1wmr34t36fy03m8hvgl96zl3znndyzyaqhwmwdtshwmtkg03fetaqhjg240 about OAuth-like nostr signup/login flows, but OAuth is so smooth because it works on the web - no extensions or apps needed. And the only Nostr web-signing option we had until now was to give custody of your keys to a remote nsecbunker, or paste nsec into every app.\n\nThis app, though, is a pure web app, and it does signing locally. It uses NIP46 just like nsecbunker, so it shouldn't be too hard for apps to start supporting it - the one that already works is Snort. With nip05 names added on top we can make signup/login flows that are very smooth and users would only deal with email-like usernames and passwords, without the custody of keys by third-parties.\n\nOk, let's watch the demo. Your eyes will bleed, but it's a prototype. Maybe #nostrdesign team would help us turn it into something pleasant.\n\nhttps://video.nostr.build/b3bbcd1aa40ca6d1a3175f6690171e859dc85d41d7f4878b1bbc8f9b9c264fa9.mp4\n\nThis approach technically works across devices, but that's unreliable on mobile if device is locked, plus your devices are offline sometimes, so the best way would be to have this app store keys on each of your devices so that at least one instance of the signer is always online (on the device you're using right now). That's why this app has built-in password-protected cloud sync for keys.\n\nIt's open source. \n\nApp: https://login.nostrapps.org\nClient: https://github.com/nostrband/noauth\nServer: https://github.com/nostrband/noauthd",
"sig": "fae7298687ff0a0ab0beaf6b9da3dddb08e2c6e396e5251b436f1a75d2a8fcb57b0ea34f4653af9b7b9abad3dc7c60223f78912dda1868c7358d6c8554f75e6f"
}