Very very cool
Take a look at this prototype. It's a Nostr signer web-app - it works in your browser, doesn't need extensions, and stores your keys locally.
I love the recent ideas by nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft and nostr:npub1wmr34t36fy03m8hvgl96zl3znndyzyaqhwmwdtshwmtkg03fetaqhjg240 about OAuth-like nostr signup/login flows, but OAuth is so smooth because it works on the web - no extensions or apps needed. And the only Nostr web-signing option we had until now was to give custody of your keys to a remote nsecbunker, or paste nsec into every app.
This app, though, is a pure web app, and it does signing locally. It uses NIP46 just like nsecbunker, so it shouldn't be too hard for apps to start supporting it - the one that already works is Snort. With nip05 names added on top we can make signup/login flows that are very smooth and users would only deal with email-like usernames and passwords, without the custody of keys by third-parties.
Ok, let's watch the demo. Your eyes will bleed, but it's a prototype. Maybe #nostrdesign team would help us turn it into something pleasant.
https://video.nostr.build/b3bbcd1aa40ca6d1a3175f6690171e859dc85d41d7f4878b1bbc8f9b9c264fa9.mp4
This approach technically works across devices, but that's unreliable on mobile if device is locked, plus your devices are offline sometimes, so the best way would be to have this app store keys on each of your devices so that at least one instance of the signer is always online (on the device you're using right now). That's why this app has built-in password-protected cloud sync for keys.
It's open source.
App: https://login.nostrapps.org
Discussion
I love the rube-goldberg like solution. But still, it's a cool hack that makes non-custodial bunkers easy.
Yeah it's ugly, wish anything else worked
Btw could you please add support for bunker:// urls to coracle?
I pass tokens through to NDK, but the standard keeps changing, where is bunker:// specified?
I just want to tell coracle which relay to use for nip46, bunker: url allows that. See nostr:nevent1qqsphc9rv7820h4hqchyg86h45q4hyvpsecscadpfwjx94pcuksjthcppamhxue69uhkummnw3ezumt0d5pzqv6kmesm89j8jvww3vs5pv46hqm7pqgvpm63twlf9hszfqzqhz7aqvzqqqqqqy86wtkn
Highly interested in this, but I'm not really up to speed, and I wasn't able to figure out the protocol when I last tried. This is high on my list, will probably put it together in January — I'm bullish on the OAuth workflow. If you want to open an issue or PR on coracle, that would make me very happy.
Sounds great!
Here it is, sending from Coracle signing with nip46 https://github.com/coracle-social/coracle/pull/205
🤩 thanks!