Nostr identity for web apps / services - Githubissues

nostr-protocol / nips

Nostr Implementation Possibilities

2.14k stars 506 forks source link

Nostr identity for web apps / services #1237

Open basantagoswami opened 2 weeks ago

basantagoswami commented 2 weeks ago

What

Provide web apps with npubs, which will be accessible at /.well-known/nostr/nipXX.json. They will also post their service's endpoint/homepage URL in a nostr event to verify it, similar to how NIP-05 works.
When you visit the webpage, both you and the service will authenticate each other by signing a challenge string, similar to how it’s done in NIP-42 (Authentication of clients to relays).

Why

To detach identity from domain names for services.
In the future, there can be another NIP for these services to communicate with you directly via encrypted DMs (perhaps using a different kind), similar to Telegram and Discord bots.

How

Will has written about giving relays pubkeys and skipping DNS and TLS by using the noise protocol and IP. I think we can do the same for web apps as well.
Imagine a nostr browser extension that lets you bookmark websites with a name (and saves them as encrypted nostr lists), and when you visit a site, it can perform the auth in the background and tell you if you are visiting the actual site.

fabianfabian commented 2 weeks ago

For the authentication part there is https://github.com/nostr-protocol/nips/pull/1042

fiatjaf commented 2 weeks ago

Isn't this covered by NIP-89?