Nuh 🔻 on Nostr: we are further ahead from vision, we have an e2e example in pubky-core repo. And it ...
we are further ahead from vision, we have an e2e example in pubky-core repo. And it is all specced out here https://pubky.github.io/pubky-core/spec/auth.html

Long story short; the web app asks the user for specific capabilities, the user approves by sending a signed token to the web app (using httprelay.io) then that web app uses this signed token to sign in to the user homeserver and get a good old session cookie with only the capabilities that the user approved
Published at 2024-11-03 11:16:58

Event JSON
{
"id": "eb8b5d0450dafac8f4319b6c82ad0249ef5b62198bab0143ee32c3976cdd2024",
"pubkey": "930ccef12372dd2f16057cfc54f0dbd94335d8b51b4e2737236b00cab718fcd9",
"created_at": 1730632618,
"kind": 1,
"tags": [
[
"p",
"930ccef12372dd2f16057cfc54f0dbd94335d8b51b4e2737236b00cab718fcd9"
],
[
"p",
"8fb9450003a599bb1b34f03fadb9b137f6c0e5a850ba205964bee4732ccce549"
],
[
"e",
"eddd8fe9cbdb175e441ffa39205317a0427388c4776baf1a96917b3b3f93bc50",
"",
"root"
],
[
"e",
"ba07cef067a9c01b56e41179727bc4a659190a66d3d60ce43a8bc451ca6283df",
"",
"reply"
]
],
"content": "we are further ahead from vision, we have an e2e example in pubky-core repo. And it is all specced out here https://pubky.github.io/pubky-core/spec/auth.html\n\nLong story short; the web app asks the user for specific capabilities, the user approves by sending a signed token to the web app (using httprelay.io) then that web app uses this signed token to sign in to the user homeserver and get a good old session cookie with only the capabilities that the user approved ",
"sig": "909027f639b9efb433b8f7c8315eb32fe760e5ef3fb1ee698e54a5780e087c97d3ca82c3368078757c1da7f2911101835186d103ff874022722467c26d9a7f33"
}
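
The flow described in the note above, as an added example that is not part of the original post and is not code from pubky-core: the user signs the approved capabilities, and the homeserver verifies the token and issues a session limited to them. The token layout, field names, capability strings, freshness window and the `approve`/`signIn`/`isAllowed` helpers are assumptions for illustration, not the format defined in the linked spec.

```javascript
// Added illustration. Token layout, field names, capability strings and the
// freshness window are assumptions, not the format in the Pubky auth spec.
const nodeCrypto = require('node:crypto');

// User side: sign exactly the capabilities the user approved.
function approve(userPrivateKey, capabilities, now = Date.now()) {
  const payload = Buffer.from(JSON.stringify({ capabilities, issuedAt: now }));
  const signature = nodeCrypto.sign(null, payload, userPrivateKey); // Ed25519
  return { payload: payload.toString('base64'), signature: signature.toString('base64') };
}

// Homeserver side: verify, reject stale or reused tokens, mint a scoped session.
const MAX_AGE_MS = 45000;     // assumed freshness window
const sessions = new Map();   // session id -> approved capabilities
const seenTokens = new Set(); // signatures already redeemed

function signIn(userPublicKey, token, now = Date.now()) {
  const payload = Buffer.from(token.payload, 'base64');
  const sig = Buffer.from(token.signature, 'base64');
  if (!nodeCrypto.verify(null, payload, userPublicKey, sig)) return null;
  const { capabilities, issuedAt } = JSON.parse(payload.toString());
  if (Math.abs(now - issuedAt) > MAX_AGE_MS) return null;
  const tokenId = sig.toString('hex');
  if (seenTokens.has(tokenId)) return null;
  seenTokens.add(tokenId);
  const sessionId = nodeCrypto.randomBytes(16).toString('hex'); // cookie value
  sessions.set(sessionId, capabilities);
  return sessionId;
}

// Per-request check: the session carries only what the user signed.
function isAllowed(sessionId, path, action) {
  const caps = sessions.get(sessionId) || [];
  return caps.some((c) => path.startsWith(c.scope) && c.actions.includes(action));
}

// Constructed sample: the app was granted read/write under one directory only.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const token = approve(privateKey, [{ scope: '/pub/example.app/', actions: 'rw' }]);
  const widened = { ...token, payload: Buffer.from(JSON.stringify(
    { capabilities: [{ scope: '/', actions: 'rw' }], issuedAt: Date.now() })).toString('base64') };
  const session = signIn(publicKey, token);
  return {
    tamperedRejected: signIn(publicKey, widened) === null,
    replayRejected: signIn(publicKey, token) === null,
    inScope: isAllowed(session, '/pub/example.app/notes/1', 'w'),
    outOfScope: isAllowed(session, '/pub/other.app/notes/1', 'r'),
  };
}
```

Because the capabilities sit inside the signed payload, an app that rewrites them to a wider scope fails signature verification. A real homeserver would also normalise the request path before the prefix check.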