mleku on Nostr: IMO, we could just deprecate nip-42 and just put the nip-98 auth but then we also ...
IMO, we could just deprecate nip-42 and just put the nip-98 auth
but then we also have the problem of how do we tell the client for what reason they need to auth? that`s what part of nip-11 is about, an api capabilities/requirements, and auth is one of the main infos that is needed for this, but the way they are expressed in the nip-11 doc is not clear, it's a mess, and partly that is because there isn't a formal notion of API method in nostr, which is part of the reason why there is so many interop problems around auth
just go look at openapi documentation section on authentication, it's extensive, and that's because you basically can't run a service on the internet unless you charge people and you can't have the payers get special treatment without having auth to identify them
but then we also have the problem of how do we tell the client for what reason they need to auth? that`s what part of nip-11 is about, an api capabilities/requirements, and auth is one of the main infos that is needed for this, but the way they are expressed in the nip-11 doc is not clear, it's a mess, and partly that is because there isn't a formal notion of API method in nostr, which is part of the reason why there is so many interop problems around auth
just go look at openapi documentation section on authentication, it's extensive, and that's because you basically can't run a service on the internet unless you charge people and you can't have the payers get special treatment without having auth to identify them