what's the ideal UX for nostr relay auth? in my humble opinion:
- prompt the user for auth when receiving AUTH from relay, offer yes/no and remember my choice
- ask by default, allow/deny list is remembered
- allow the user to tweak the allow and deny lists in settings
cc nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr nostr:npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6 nostr:npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqn nostr:npub10npj3gydmv40m70ehemmal6vsdyfl7tewgvz043g54p0x23y0s8qzztl5h nostr:npub1fjqqy4a93z5zsjwsfxqhc2764kvykfdyttvldkkkdera8dr78vhsmmleku
This is exactly how noStrudel works. It never auths by default and let's the user set prr relay preferences.
The difficult part is notifying the user about the auth request. In most contexts the user doesn't care but if they are viewing their notifications then they probably care on if their relays is requiring auth
can you tell me about how you envision relays preventing spam without identifying the users?
interested in your feedback on the https://grimoire.rocks/ implementation of auth. i mostly yoinked the noStrudel approach.
i like it, and i think that it should be something like that.
i just learned about SharedWorkers btw, they can be used on chrome/edge/firefox but not safari, safari is gay like its CEO and you have to specially handle that with a DedicatedWorker per tab. this could then become an IPC that mimics the relay nip-01 RPC and lets you manage relay connections peristently as a worker thread. this would eliminate all risk of race conditions like you see with react apps using NDK because the worker is a single thread and effectively would queue processing - if you wanted it to, or you can fan it out with promises to individual relay sockets so it dispatches the request/event and when it returns, it then returns the response back to the component via teh IPC. this would also then let you restrict use of the signer/bunker to a single piece of code that is isolated from the rest, in a separate thread and runtime.
