Replying to Avatar Sedj

New note, mostly for nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft. Maybe a little bit for nostr:npub1alpha9l6f7kk08jxfdaxrpqqnd7vwcz6e6cvtattgexjhxr2vrcqk86dsn. This is my ux with nsecbunker, getting it to work on nostr.kiwi.

First, tried just opening nostr.kiwi. I had previously put my npub in, and it did remember my profile, but I couldn't interact with any notes. It wouldn't even pretend to try and do something when I tapped on the like button.

I figured that my npub was needing something in nsecbunker. There were some notes going around about getting DMs now if it needed to be reset or something, and I hadn't gotten any DMs - but fair to say, devs had been devving, so went to go check.

Well, nsecbunker admin is still not really operational from my phone (Brave browser, GrapheneOS on Pixel 6. Also tried with Vanadium. Tried turning off the Brave blockers as well.) I can log in, it shows the button for my keys, but pressing it doesn't do anything. I think even logging in required me to enter my full bunker string, then I had a go back and forward or refresh to actually get shown the Keys button.

This sucks, because my whole use case for nsecbunker is to access nostr apps from my phone, where browser extensions don't work. I already have nos2x and alby for my desktop browser.

Anyway, off to my desktop. Thought I was done working for the evening ;)

Fired up nsecbunker admin, sure enough, I could see the key was locked. Had some drama trying to get it unlocked, because my caps lock button was on, screwing up my attempts at my passphrase. Anyway, got it unlocked.

Back to my phone. logged out of kiwi. Tried to log back in. Wasn't seeming to work, just using my npub. FInally I noticed that down at the bottom of the screen on my desktop, nsecbunker was reporting that someone was trying to access. It said it was Snort. I wasn't running snort, so I cleared out a few attempts, and tried on kiwi again. This immediately showed up as an attempt from Snort. Ok, well I tried to change the name to Kiwi, and allow it. I couldn't do that before the attempt seemed to time out - was roughly 5 seconds I think, maybe a few more, but I'm slow.

That wasn't working. So I remember seeing something about Tokens. I went back in nsecbunker, found that I could add a Token now. So I did that, feeling my way through. Called it Kiwi. It produced something that looked like my npub with some other characters after it. I assumed this whole thing was the token.

Kiwi's entry box for nsecbunker auth mentioned token, so I copied that whole string over to Facebook Messenger on the desktop (hate on me, but this is your security model being broken by convenience) in a message to self, opened Facebook Messenger on my phone, copied my token, put it in kiwi.

It worked. Fucking hellyeah! Guys, you are fucking awesome. I tested a like. it lit up, stayed lit up. I assume it worked. I haven't gone back to check, but I can. I tried to zap something. That didn't work. nothing happened when I clicked on the button. I tried a reply post (which previously didn't work - and Jingles said he was working on it) - and it was a little weird, because the reply button didn't even show up in the main feed. Once I clicked on a post, it did show up. I replied to one of the posts about the earlier design sessions, and sure enough - it worked!!!

So - Still no zaps working. My follows list seems to either be old, or it isn't removing the people I followed and then later stopped following. I didn't get as far as checking on relay lists. I can see the lists I created in Highlighter, and browse the results. Lots of good. Performance doesn't seem to be as smooth at loading in posts or interacting as it is in Onyx, but it's usable. So right now, nostr.kiwi PWA is at least a mostly working fallback if Onyx takes a shit.

The worst I think is having to go back to my desktop to figure out nsecbunker. And that token stuff was not very intuitive at all. To be fair, I haven't watched anything from today's design sessions, or Jingles' howto.

Guys, thank you!!! I'm glad I can contribute an honest walkthrough, maybe it will help others like nostr:npub1dvl2gwcahzvhc6rmx4xp8hvrd5833jzaspz8e5xdts6vpfw3t5pshkhhya that are trying to adopt nsecbunker. I'd like to see it in habla.news, flycat.club, #Onyx, #Amethyst. Maybe #Yakihonne. #primal for sure, especially if they PWA or become useful on mobile, which is probably right around the corner. Really any new or existing and under development Nostr client should be implementing something that would allow both nos2x-style (I think Alby works the same) and nsecbunker-style authentication. I don't want to give my nsec to any more sites, ever.

That's enough - over and out!

Avatar
Jingles 2y ago

Thanks for the comprehensive description. We can debug this step by step.

Note that, if you have allow access on your desktop, it doesn’t mean you mobile will have access. This is because the local keys are different.

Try this.

Log out mobile.

Close and open the browser or PWA just to be very sure.

Open nsecbunker website on your PC and go to keys page and get ready.

On mobile, user Login, NIp46, put your npub (not token).

Quickly accept the connection on nsecbunker website. (It time out too quickly here, so got to be quick, have informed nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft)

That should be it, you should be logged in, able to sign events remotely.

Let’s see if this works.

Reply to this note

Please Login to reply.

Discussion

Avatar
Sedj 2y ago

Cookies in brave was the problem with logging in to nsecbunker. might be nice to have a logout link or clear link of some kind.

Logged out of PWA. This doesn't seem to actually log me out. If I continue in the PWA, it appears I have logged out. If I close and reopen it, my lists and profile is still loaded.

Removed PWA (I think this is as uninstalled as I can go?) Back into brave on my phone, reinstalled PWA.

Fuck. It still knows who I am. Removed PWA, back into Brave browser. deleted cookie. closed tab with nostr.kiwi. Closed Brave.

OK, did that like twice more, the last time because I realized I removed Kiwi PWA from the home screen, but still had it running while I was fucking around with Brave.

Anyway, got Kiwi PWA installed, and it has now apparently forgotten me!

Now nsecbunker on my PC is timed out apparently, back to where it won't show me keys, but won't show me a logon screen either. Going to /login and pasting my bunker string won't do anything.

resetting cookies on that too...

OK, login successful with just npub. I still have the token out there, but it's good for 1075 hours (this is me being a bit silly, but not wanting to have to reset it for a long time.)

So yes, don't have to fuck with tokens, as long as you don't mind your auth being identified as Snort, and are quick to approve on a PC while logging in on your phone. Pretty sure I couldn't flip back and forth between PWA and Brave fast enough to do it all on mobile, but maybe. I'm kinda slow.

I'd call this a successful test.