Alex Gleason on Nostr: Nope. It hits /api/v1/accounts/lookup where the username is the OAuth token encoded ...
Published at
2023-05-26 19:37:05Event JSON
{
"id": "4a40b123b0c23b11238a179ed0c7ce93d839f7519d771472ea29404ab71e171a",
"pubkey": "79c2cae114ea28a981e7559b4fe7854a473521a8d22a66bbab9fa248eb820ff6",
"created_at": 1685129825,
"kind": 1,
"tags": [
[
"p",
"69808a64d278bd244dc36492a5165ec02ec07af76fe38bbd2811b0a84fe1be17",
"wss://relay.mostr.pub"
],
[
"e",
"635a5bfae06493f805e798505f61abe3b3a8fe7fa948283f1c55332fdb72c233",
"wss://relay.mostr.pub",
"reply"
],
[
"mostr",
"https://gleasonator.com/objects/1cfd3d9b-b58c-48dd-acfd-20f9d2429d9a"
]
],
"content": "Nope. It hits /api/v1/accounts/lookup where the username is the OAuth token encoded to look like a Nostr pubkey @ mostr.fedirelay.xyz. This causes your server to make a federation request where they simply monitor the logs and pull the token out of the username... absolutely nuts. Read the code. https://i.poastcdn.org/4ed28ef4fa5e18bfa5c1f75a5c1cc759f7b718c0b600e7e2fcc6d0cdb0215f15.txt",
"sig": "b201842a6f78a144008945621489eff9f32d3b89e46d480bc5c14fc287670551c92e87ce98155c482e893f649324b214df0d880d458cb2cc6a26a4909e46c005"
}
