Replying to Avatar Sedj

Cookies in brave was the problem with logging in to nsecbunker. might be nice to have a logout link or clear link of some kind.

Logged out of PWA. This doesn't seem to actually log me out. If I continue in the PWA, it appears I have logged out. If I close and reopen it, my lists and profile is still loaded.

Removed PWA (I think this is as uninstalled as I can go?) Back into brave on my phone, reinstalled PWA.

Fuck. It still knows who I am. Removed PWA, back into Brave browser. deleted cookie. closed tab with nostr.kiwi. Closed Brave.

OK, did that like twice more, the last time because I realized I removed Kiwi PWA from the home screen, but still had it running while I was fucking around with Brave.

Anyway, got Kiwi PWA installed, and it has now apparently forgotten me!

Now nsecbunker on my PC is timed out apparently, back to where it won't show me keys, but won't show me a logon screen either. Going to /login and pasting my bunker string won't do anything.

resetting cookies on that too...

OK, login successful with just npub. I still have the token out there, but it's good for 1075 hours (this is me being a bit silly, but not wanting to have to reset it for a long time.)

So yes, don't have to fuck with tokens, as long as you don't mind your auth being identified as Snort, and are quick to approve on a PC while logging in on your phone. Pretty sure I couldn't flip back and forth between PWA and Brave fast enough to do it all on mobile, but maybe. I'm kinda slow.

I'd call this a successful test.
Avatar
Sedj 2y ago

nostr:npub1alpha9l6f7kk08jxfdaxrpqqnd7vwcz6e6cvtattgexjhxr2vrcqk86dsn Maybe spoke too soon? I tried to like a post, and I got an error, "Error reacting to note" - so maybe not all the way auth'd? Yes, verified on another note on the main feed (the first was a note on of my lists, which isn't showing the hidden members of the list, btw.) Failed to post a reply note, failed to post a new note.

So acting like auth through the nip-46 link, using just my regular npub, gives me view access (similar to just using my npub in any normal client, instead of an nsec.

Posting a token did work though.

Reply to this note

Please Login to reply.

Discussion

Avatar
Sedj 2y ago

Oh shit, hold that. Went back to desktop to see if I could replicate the being timed out with no logout button (which does exist when I'm logged in).

And I clicked on Keys. And I see permissions requests. So there's another step - but it's showing up in my nsecbunker admin. (used to nos2x showing me this stuff, so it kind of makes sense, actually. Maybe I'm being too dense here.)

let's retest, shall we? Like button, sure enough, I get a request in nsecbunker, and the option to always allow singing for type 7, or always allow singing for all types. I like singing, and nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft's typos. I think I would like to have the option to only allow once, like nos2x - but really, for nsecbunker, the idea is allow for always. I think Tokens do this, and I can apply a permissions template to them - another reason maybe to use tokens, just to avoid this clunky UX? So now like button appears to work.

I replied to your release post - and that worked - but I'm sure I pushed the button to only allow type 7. A reply shouldn't be a type 7. Posted a new note, worked, that's a type 1. So the only allow type 7 button in nsecbunker might be actually allowing all. Looking at permissions for the user (users button under Key) - it is showing Sign events of kind: all.

So we are getting somewhere with all of this. Nothing like testing live.

Avatar
Jingles 2y ago

I have bookmarked your note. I need to go though it again tomorrow