What’s the point of a log in with Nostr button if your app is not a Nostr app? You have totally separate auth process, databases etc, what exactly would a Nostr identity provide? You’d need to have a Nostr-first app, no?
Discussion
Nostr-native would be better, but even just a login with nostr does improve UX. In the same way a "Login with Google" is convenient
What's the point of Google login, Facebook login, Twitter login, or any OAuth login? To make the login process easier and familiar to users.
I guess. Except lots of people use those services and nobody uses Nostr. I guess in a way it’s a way to grow Nostr more than simplifying UX for a few people
You're absolutely right but you have to start somewhere with adoption. This is just another piece of the puzzle.
I'm thinking about this because I want to build a Nostr app for my selfish use case.
Login with nostr is optional. But it helps sync cross platform.
If you're not logging in there's no sync. It's that simple. Like obsidian. You don't need to use sync, but if you want it, you either figure it out or pay for the service.
With Nostr, I'm not as familiar, but the alternative could be like self hosting on your relay is free, but special Nevents to get your app to sync can be reserved / hidden behind paid relay, hosted by the developer of the Nostr App.
On top of that, here's an additional design feature to bolster adoption:
Downloading from zap store is free, downloading from Playstore / app store is paid.
I'm not a developer but I think what I described is possible? 🕵️♂️
Will be exploring this as I'm testing out vibe coding a nostr app
Sure, for some McDonalds app it won't be worth the trouble implementing unless they also engage on nostr with the users.
Been thinking about this recently…
We have a lot of work to attract business to use the Nostr protocol. At best it will be the “hybrid app” architecture that is most useful. While this COULD end up being little more than Nostr flavored SSO for some black box apps, respecting soveregnty itself IS a “value add” that can be incrementally applied … if we get their foot in the door. I’m writing up a more complete article RN …
As a web 2 dev I’d personally never implement that I don’t think … extra work just to benefit a tiny fraction of users
"we've been hacked. Reset your passwords"
"Google, MS, Discord, and other traditional login methods are facing an attack, so you can't login right now"
> "Nostr users unaffected by these issue"
The benefit is that they'll have users that won't give them a headache, and infact appreciate them for the nostr login =3
The quick win IMO is to avoid capturing email, phone, or other PII. Can an npub be de-anonymized? Sure, but more work?
Having a sovereign identity on the Nostr protocol IS the win for end users.
PII will be captured. Maybe even by black box apps with Nostr SSO. Maybe even bought and sold across these apps.
Freedom of choice is what the Nostr protocol offers for end users. It’s up to us (sovereignty respecters) to continually work for these choices to be multiple, and diverse, and sovereignty respecting.
I love nostr login if done right. They can use my npub as my account identifier and store related data in their database but I don't have to verify an email address or remember a password. Nobody can steal my password from them neither.
Not sure I totally agree…there’s SSO for Google, Apple, X, Discord, etc. Even if the app isn’t Nostr, I think being able to use your identity to Nostr is a win and helps drive awareness.
Errr I meant being able to use your Nostr identity to login
More than awareness … providing access for Nostr users could actually be good for business.
- Businesses want reliable SEO and socials to put their brands in front of users, rather than arbitrary gate keepers, censoring the marketplace on a whim.
- Businesses want open access to harvest unlimited user data for free on a soveregnty respecting network, rather than paying gate keepers for access to user data of questionalble origin.
- Busineses want a single open protocol on which to build their apps, with unlimited tech potential and a diversity of users, rather than multiple siloed networks with difering APIs and demographics.
- Businesses want to own the technology they build and to use it as they wish, rather than submit their code for approval and control by arbitrary gate keepers.
Agree, it'd be good for their business, but realistically the user base here is still very small, the bigger benefit in the short term is getting people on-ramped. When we have more people it kicks off the flywheel and the benefits become more apparent to the business.
Nostr login has two values obvious.
1. password entering needless
2. payment info entering needless
1 differs from OAuth in that there is no centralized identity provider, but is similar to Passkey.
2 is the zap and makes payment services like PayPal and stripe substitute.
Identity and payments are two very close areas of web standards. Many specification bodies and experts cover both together. And Nostr login provides them together.
This is something only Apple/Google can do, as far as I know. Of course, there are many things like LNURL-Auth that do this, but in terms of actual and popular use. As an aside of other methods, I think the default route in Japan is to do this with My Number Card and CBDC.
On the other hand, i guess it's difficult for existing web2 services with OAuth button to replace to Nostr login, because they often get login user's email address from OAuth provider and make it identifier.
I think we will create a paradigm shift as users gradually choose services that provide new value.