Zen on Nostr: hodlbod fiatjaf What do you think of an HTTP-based login flow for NIP-46? I find the ...
hodlbod (nprofile…fcen) fiatjaf (nprofile…mtez) What do you think of an HTTP-based login flow for NIP-46? I find the current spec to be needlessly complicated for a protocol that is supposed to be as simple as possible. Here's what I do in my home-cooked client:
1. User wants to sign in as pleb:password@nostr.relay, so the client queries for /login and /sign endpoints specified by the /.well-known/nostr.json file at nostr.relay.
2. Client sends a POST to the /login endpoint containing the username and their password. On successful auth, the client receives a session key.
3. When the user wants to post a note, they send the unsigned event to the /sign endpoint with their session key in the header. Server responds with the signed event.
4. Client posts the signed note.
For clarity, I use a locally hosted server to do the signing. I would sign in as pleb@localhost if a client asked for it.
Is this worth (re)writing a NIP for? I'm honestly kind of surprised that nobody has done this yet.
Published at
2024-03-24 02:05:50
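One way the signer behind the /login and /sign endpoints could handle steps 2 and 3 of the post above; this is an added example, not the poster's code. The session lifetime, the in-memory stores, the `pubkeys` map and the `schnorr_sign` callable (standing in for BIP-340 signing, which is not implemented here) are assumptions.

```python
import hashlib, hmac, json, secrets, time

SESSION_TTL = 900  # seconds; assumed lifetime, the post does not specify one
USERS = {}         # username -> (salt, PBKDF2 hash of the password)
SESSIONS = {}      # sha256(session key) -> (username, expiry); raw keys are never stored

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def register(username, password):
    salt = secrets.token_bytes(16)
    USERS[username] = (salt, _kdf(password, salt))

def login(username, password, now=None):
    """Step 2: return a fresh session key, or None on bad credentials."""
    now = time.time() if now is None else now
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    # Run the KDF even for unknown users so both failures cost the same time.
    if not hmac.compare_digest(_kdf(password, salt), stored):
        return None
    key = secrets.token_urlsafe(32)
    SESSIONS[hashlib.sha256(key.encode()).digest()] = (username, now + SESSION_TTL)
    return key

def event_id(ev):
    """NIP-01 id: sha256 of the serialized [0, pubkey, created_at, kind, tags, content]."""
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode()).hexdigest()

def sign(session_key, unsigned, pubkeys, schnorr_sign, now=None):
    """Step 3: sign only for a live session, and only as that session's user."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(session_key.encode()).digest()
    user, expiry = SESSIONS.get(digest, (None, 0))
    if user is None or now >= expiry:
        raise PermissionError("invalid or expired session")
    # Copy only the fields the client may set; pubkey and id come from the server.
    ev = {k: unsigned[k] for k in ("created_at", "kind", "tags", "content")}
    ev["pubkey"] = pubkeys[user]              # hypothetical username -> hex pubkey map
    ev["id"] = event_id(ev)                   # recomputed, never taken from the client
    ev["sig"] = schnorr_sign(user, ev["id"])  # hypothetical BIP-340 signer callable
    return ev
```

The session key is a bearer token for the user's signing key, so anything that can read it can have arbitrary events signed until it expires.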