diff options
| author | Semisol <45574030+Semisol@users.noreply.github.com> | 2024-02-12 23:30:31 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-12 23:30:31 +0300 |
| commit | 101cd793ee5e6958606fbab06519b5c8b5022de9 (patch) | |
| tree | d3c01e3fcd68ba7590b48d54a783ca8a960edc22 | |
| parent | 84541be74117922ca0b9ab5589b658efeae60e09 (diff) | |
NIP-97
| -rw-r--r-- | 97.md | 25 |
1 files changed, 25 insertions, 0 deletions
| @@ -0,0 +1,25 @@ | |||
| 1 | NIP-97 | ||
| 2 | ====== | ||
| 3 | |||
| 4 | Nostr Login | ||
| 5 | ----------- | ||
| 6 | |||
| 7 | `draft` `optional` | ||
| 8 | |||
| 9 | This NIP defines a method for a way for users to prove to apps that they control a certain private key. This can be used to enable login for services like the management panel of image hosts. | ||
| 10 | |||
| 11 | ## Login URI | ||
| 12 | |||
| 13 | A login URI is defined of the format `nostr+login:<domain>:<identifier>` where `domain` MUST be a valid DNS domain or .onion service. The `identifier` MUST only consist of `A-Z a-z 0-9 _ - .`. | ||
| 14 | |||
| 15 | This login URI can be presented as a clickable link, a QR code or a copyable string. | ||
| 16 | |||
| 17 | ## Login process | ||
| 18 | |||
| 19 | A client that wishes to log in to a service SHOULD display the domain associated with the service to the end user before allowing them to log in to prevent services showing a login string for another service. | ||
| 20 | |||
| 21 | After the user approves the login, the client should send a POST request to `/.well-known/nostr-login` to the `domain` with the `i` query parameter set to the `identifier` and a valid NIP-98 authentication header present. | ||
| 22 | |||
| 23 | HTTPS should always be used except for `.onion` services, which should be contacted using HTTP. | ||
| 24 | |||
| 25 | Clients MAY or MAY NOT decide to implement support for `.onion` services. | ||