sir, took some more time to get around to it but here it is:

quick and dirty implementation of nsecbunker

key points:

* uses a separate relay connection (I think it makes more sense to have the signer connectivity separate since it's useless to push the signing events to pretty much all relays except the ones where nsecbunker is listening to)

* local key, generated locally

https://github.com/coracle-social/coracle/commit/c2cf06ee0101d46cbb08576a4b03fc8c1a7fc3f3

Discussion

Fantastic, thanks

🙌

Is there a nip or standard to make it easy to connect with a self hosted nsecBunker, maybe add the relay to the token that is copy pasted?

that's the beauty; you don't connect to the nsecbunker

you discover it

that's why you can easily run a bunker on your umbrel without opening any ports, without fiddling with tor, without any bullshit; it just works

all you need to find the bunker that will serve your npub is that... your npub

Can a Bunker serve multiple npubs with different people granted access to different npubs?

I’m thinking about a company that might have multiple social media “presences”.

yes

nsecBunker already can do that

if you buy/run one now you can already load as many keys as you want 😉

hmm what am I missing? How do I find which relay the bunker is listening on with just my npub?

no, the relay you need in common; that part is up to you to configure

Is this a security vulnerability? IOW, if you log out of Coracle, the browser still has write access via nsecbunker if the same pubkey is re-entered. So you're logged out, but it's trivial to log back in without re-establishing permission. It seems to me the key should be re-generated every login.

I agree; if you log out from Coracle the private key should be destroyed

How does the token work? Do you need that every time, or is that just intended to bypass manual authorization? IOW, authentication depends on the approved app key, right?

Just for manual authorization; the token tells the bunker “I’ve been preauthorized”

Once used you can’t redeem it anymore so you should not save it. Just save the npub from the token
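
The key lifecycle raised in the last few replies (a fresh local key per login, the key destroyed on logout, the token used once and only the npub saved), as an added example that is not part of the thread and is not Coracle's or nsecBunker's code. The `npub#secret` token layout, the storage key names, the `MemoryStore` and `BunkerSession` classes, and the use of random bytes in place of a real Nostr key generator are assumptions made for illustration.

```javascript
// Added example: session handling for a bunker-backed login (illustrative only).
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Hypothetical stand-in for browser storage so the example runs offline.
class MemoryStore {
  constructor() { this.data = new Map(); }
  set(k, v) { this.data.set(k, v); }
  get(k) { return this.data.has(k) ? this.data.get(k) : null; }
  delete(k) { this.data.delete(k); }
  values() { return [...this.data.values()]; }
}

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

// ASSUMPTION: the pasted value is "<npub>#<one-time secret>", or a bare npub.
function parseBunkerToken(pasted) {
  const [npub, secret = null] = pasted.trim().split("#", 2);
  if (!npub.startsWith("npub1")) throw new Error("expected an npub");
  return { npub, secret };
}

class BunkerSession {
  constructor(store) { this.store = store; this.localKey = null; }

  login(pasted) {
    const { npub, secret } = parseBunkerToken(pasted);
    // Fresh local (app) key on every login, never reused from a prior session.
    // Random bytes stand in for a real secp256k1 key generator here.
    this.localKey = webcrypto.getRandomValues(new Uint8Array(32));
    this.store.set("bunker/npub", npub);
    this.store.set("bunker/localKey", toHex(this.localKey));
    // The one-time secret goes to the caller for the connect request only;
    // it is never written to storage because it cannot be redeemed twice.
    return { npub, connectSecret: secret };
  }

  logout() {
    // Destroy the local key so a later login needs fresh authorization.
    if (this.localKey) this.localKey.fill(0);
    this.localKey = null;
    this.store.delete("bunker/localKey");
    // The npub is not secret and may stay to prefill the next login.
  }
}
```

After `logout()`, the bunker still lists the old app key as approved, but no copy of that key remains in the client, so re-entering the same pubkey produces a new key that has to be authorized again.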