diff options
| author | Semisol <45574030+Semisol@users.noreply.github.com> | 2024-02-18 02:19:10 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-18 02:19:10 +0300 |
| commit | 8416ed6f8cd1248c24e0f08f9c5ecade010b37c4 (patch) | |
| tree | 2a335c441240233558dd7a641e9e51274fc03f38 | |
| parent | 101cd793ee5e6958606fbab06519b5c8b5022de9 (diff) | |
reword
| -rw-r--r-- | 97.md | 18 |
1 files changed, 13 insertions, 5 deletions
| @@ -1,16 +1,16 @@ | |||
| 1 | NIP-97 | 1 | NIP-97 |
| 2 | ====== | 2 | ====== |
| 3 | 3 | ||
| 4 | Nostr Login | 4 | Login with Nostr |
| 5 | ----------- | 5 | ---------------- |
| 6 | 6 | ||
| 7 | `draft` `optional` | 7 | `draft` `optional` |
| 8 | 8 | ||
| 9 | This NIP defines a method for a way for users to prove to apps that they control a certain private key. This can be used to enable login for services like the management panel of image hosts. | 9 | This NIP defines a flow for applications to request from a user that they control a private key for. This enables logging into applications (such as paid relay/media hosting services) without having to use other flows which may be annoying to use or not available. (DM codes, NIP-07 extensions) |
| 10 | 10 | ||
| 11 | ## Login URI | 11 | ## Login URI |
| 12 | 12 | ||
| 13 | A login URI is defined of the format `nostr+login:<domain>:<identifier>` where `domain` MUST be a valid DNS domain or .onion service. The `identifier` MUST only consist of `A-Z a-z 0-9 _ - .`. | 13 | A login URI is defined of the format `nostr+login:<domain>:<challenge>` where `domain` MUST be a valid DNS domain or .onion service. The `challenge` MUST only consist of `A-Z a-z 0-9 _ - .`. |
| 14 | 14 | ||
| 15 | This login URI can be presented as a clickable link, a QR code or a copyable string. | 15 | This login URI can be presented as a clickable link, a QR code or a copyable string. |
| 16 | 16 | ||
| @@ -18,7 +18,15 @@ This login URI can be presented as a clickable link, a QR code or a copyable str | |||
| 18 | 18 | ||
| 19 | A client that wishes to log in to a service SHOULD display the domain associated with the service to the end user before allowing them to log in to prevent services showing a login string for another service. | 19 | A client that wishes to log in to a service SHOULD display the domain associated with the service to the end user before allowing them to log in to prevent services showing a login string for another service. |
| 20 | 20 | ||
| 21 | After the user approves the login, the client should send a POST request to `/.well-known/nostr-login` to the `domain` with the `i` query parameter set to the `identifier` and a valid NIP-98 authentication header present. | 21 | After the user approves the login, the client should send a POST request to `/.well-known/nostr-login` to the `domain` with the `i` query parameter set to the `challenge` and a valid NIP-98 authentication header present. |
| 22 | |||
| 23 | The response MUST be a JSON object, with the format: | ||
| 24 | ```json | ||
| 25 | { | ||
| 26 | "status": <"success" or "error">, | ||
| 27 | "message": <OPTIONAL string message to show user in the case of an error> | ||
| 28 | } | ||
| 29 | ``` | ||
| 22 | 30 | ||
| 23 | HTTPS should always be used except for `.onion` services, which should be contacted using HTTP. | 31 | HTTPS should always be used except for `.onion` services, which should be contacted using HTTP. |
| 24 | 32 | ||