so it's all token based? we know the pubkey by decoding the signature? I'm not sure I fully understand it yet. where is that token by the minds pubkey? I only see it on the posts by the anigma account

We know the root pubkey because it's included in the delegate tag with the signature and event creation conditions.

The unsigned token is `nostr:delegation::`; the "token", aka "root_signature", is `root_sign(sha256(unsigned_token))`.

So basically you just sign a token that gives the permission to create events on your behalf given some conditions (time limit, only certain kinds, etc).

and this process is handled internally right now by the issuer? so you need to input that token you received via other means? how is the token verification done?

anyone can verify the token by just checking the signature of sha256(nostr:delegation:publisher-key:conditions) against the pubkey in the delegation tag (which is the root key). also make sure the publisher-key is the pubkey of the nostr note.
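The check described in the last reply, as an added example that is not part of the original thread or any Nostr client's code: it rebuilds the unsigned token from the note's own pubkey and the tag's conditions, then verifies the BIP-340 Schnorr signature against the root key in the delegation tag. The function names, the event dict shape (`pubkey`, `tags`) and the four-element tag layout `["delegation", root_pubkey, conditions, signature]` are assumptions of this example.

```python
import hashlib

# secp256k1 parameters (Nostr keys and signatures are BIP-340 Schnorr)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
sha = lambda b: hashlib.sha256(b).digest()
num = lambda b: int.from_bytes(b, "big")

def add(a, b):  # curve point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    lam = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
           else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(pt, k):  # double-and-add; not constant time, acceptable for public data
    acc = None
    while k:
        acc, pt, k = (add(acc, pt) if k & 1 else acc), add(pt, pt), k >> 1
    return acc

def schnorr_verify(msg, pubkey, sig):  # BIP-340 verification
    if len(pubkey) != 32 or len(sig) != 64:
        return False
    px, r, s = num(pubkey), num(sig[:32]), num(sig[32:])
    y = pow(px**3 + 7, (P + 1) // 4, P)  # candidate square root for lift_x
    if px >= P or r >= P or s >= N or y * y % P != (px**3 + 7) % P:
        return False
    t = sha(b"BIP0340/challenge")  # tagged hash: e = H(R.x || P.x || msg) mod n
    e = num(sha(t + t + sig[:32] + pubkey + msg)) % N
    R = add(mul(G, s), mul((px, y if y % 2 == 0 else P - y), N - e))
    return R is not None and R[1] % 2 == 0 and R[0] == r

def verify_delegation(event):
    tag = next((t for t in event["tags"] if t[:1] == ["delegation"]), None)
    if tag is None or len(tag) != 4:
        return False
    root_pubkey, conditions, token_sig = tag[1:]
    # publisher-key comes from the note itself, so a token issued to another
    # publisher produces a different hash and the signature check fails
    token = f"nostr:delegation:{event['pubkey']}:{conditions}".encode()
    try:
        return schnorr_verify(sha(token), bytes.fromhex(root_pubkey), bytes.fromhex(token_sig))
    except (ValueError, TypeError):  # tag fields that are not hex strings
        return False
```

A complete check also enforces the conditions string against the note's kind and created_at and verifies the note's own signature; neither is shown here.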