Open bumi opened 3 years ago
Oh this is a cool idea, we could even autofill the password field. This makes the extension a bit like an "identity wallet" / password manager so backing up this data will be important.
Few questions about edge cases
the extension still will hold no data as those passwords can be derived on the fly. - similar to the lnurl-auth flow right now. The extension will hold no sensitive data (except of the connection to the lightning node as currently)
regarding email/username: I guess that's still up to the user. changing passwords would not work. - at least then the generated password would not work anymore.
as you've mentioned lnurl-auth is specific to websites that have implemented it.
If you want to extend it to regular websites with email/password requirement and tie it to lnurl-auth, you could do: 1- since you already have implemented https://github.com/fiatjaf/lnurl-rfc/blob/luds/13.md you could derive pubkey from this privkey 2- use that as an email address with a domain pubkey@getalbyemailservice.com. 3- for the same domain, getalby (and even other wallets that implement LUD-13) will derive same pubkey/privkey pair. 4- this may be too ambitious but you (or someone else) could run this email service and forward to users own email if they opt-in.
LNURL-auth describes a way to create a unique signing key for each website and use that to sign a message to login. Sadly most websites do not yet support that.
We could offer the user a way to use the same flow to generate a password for websites. The user would not need to use a password manager and the password can be derived from the lightning master/root key.