What
Provide web apps with npubs, published in a document accessible at /.well-known/nostr/nipXX.json. The service will also publish its endpoint/homepage URL in a nostr event, so the binding between key and URL can be verified from the nostr side too, similar to how NIP-05 works.
When you visit the webpage, you and the service mutually authenticate by each signing a challenge string, similar to how it is done in NIP-42 (Authentication of clients to relays).
Why
To detach a service's identity from its domain name.
In the future, there can be another NIP for these services to communicate with you directly via encrypted DMs (perhaps using a different event kind), similar to Telegram and Discord bots.
How
Will has written about giving relays pubkeys and skipping DNS and TLS by using the Noise protocol and IP. I think we can do the same for web apps as well.
Imagine a nostr browser extension that lets you bookmark websites under a name (and saves them as encrypted nostr lists); when you visit a site, it can perform the auth in the background and tell you whether the site you are on is the one bound to the bookmarked key.