Subnostr

New note, mostly for nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft. Maybe a little bit for nostr:npub1alpha9l6f7kk08jxfdaxrpqqnd7vwcz6e6cvtattgexjhxr2vrcqk86dsn. This is my ux with nsecbunker, getting it to work on nostr.kiwi.

First, tried just opening nostr.kiwi. I had previously put my npub in, and it did remember my profile, but I couldn't interact with any notes. It wouldn't even pretend to try and do something when I tapped on the like button.

I figured that my npub was needing something in nsecbunker. There were some notes going around about getting DMs now if it needed to be reset or something, and I hadn't gotten any DMs - but fair to say, devs had been devving, so went to go check.

Well, nsecbunker admin is still not really operational from my phone (Brave browser, GrapheneOS on Pixel 6. Also tried with Vanadium. Tried turning off the Brave blockers as well.) I can log in, it shows the button for my keys, but pressing it doesn't do anything. I think even logging in required me to enter my full bunker string, then I had a go back and forward or refresh to actually get shown the Keys button.

This sucks, because my whole use case for nsecbunker is to access nostr apps from my phone, where browser extensions don't work. I already have nos2x and alby for my desktop browser.

Anyway, off to my desktop. Thought I was done working for the evening ;)

Fired up nsecbunker admin, sure enough, I could see the key was locked. Had some drama trying to get it unlocked, because my caps lock button was on, screwing up my attempts at my passphrase. Anyway, got it unlocked.

Back to my phone. logged out of kiwi. Tried to log back in. Wasn't seeming to work, just using my npub. FInally I noticed that down at the bottom of the screen on my desktop, nsecbunker was reporting that someone was trying to access. It said it was Snort. I wasn't running snort, so I cleared out a few attempts, and tried on kiwi again. This immediately showed up as an attempt from Snort. Ok, well I tried to change the name to Kiwi, and allow it. I couldn't do that before the attempt seemed to time out - was roughly 5 seconds I think, maybe a few more, but I'm slow.

That wasn't working. So I remember seeing something about Tokens. I went back in nsecbunker, found that I could add a Token now. So I did that, feeling my way through. Called it Kiwi. It produced something that looked like my npub with some other characters after it. I assumed this whole thing was the token.

Kiwi's entry box for nsecbunker auth mentioned token, so I copied that whole string over to Facebook Messenger on the desktop (hate on me, but this is your security model being broken by convenience) in a message to self, opened Facebook Messenger on my phone, copied my token, put it in kiwi.

It worked. Fucking hellyeah! Guys, you are fucking awesome. I tested a like. it lit up, stayed lit up. I assume it worked. I haven't gone back to check, but I can. I tried to zap something. That didn't work. nothing happened when I clicked on the button. I tried a reply post (which previously didn't work - and Jingles said he was working on it) - and it was a little weird, because the reply button didn't even show up in the main feed. Once I clicked on a post, it did show up. I replied to one of the posts about the earlier design sessions, and sure enough - it worked!!!

So - Still no zaps working. My follows list seems to either be old, or it isn't removing the people I followed and then later stopped following. I didn't get as far as checking on relay lists. I can see the lists I created in Highlighter, and browse the results. Lots of good. Performance doesn't seem to be as smooth at loading in posts or interacting as it is in Onyx, but it's usable. So right now, nostr.kiwi PWA is at least a mostly working fallback if Onyx takes a shit.

The worst I think is having to go back to my desktop to figure out nsecbunker. And that token stuff was not very intuitive at all. To be fair, I haven't watched anything from today's design sessions, or Jingles' howto.

Guys, thank you!!! I'm glad I can contribute an honest walkthrough, maybe it will help others like nostr:npub1dvl2gwcahzvhc6rmx4xp8hvrd5833jzaspz8e5xdts6vpfw3t5pshkhhya that are trying to adopt nsecbunker. I'd like to see it in habla.news, flycat.club, #Onyx, #Amethyst. Maybe #Yakihonne. #primal for sure, especially if they PWA or become useful on mobile, which is probably right around the corner. Really any new or existing and under development Nostr client should be implementing something that would allow both nos2x-style (I think Alby works the same) and nsecbunker-style authentication. I don't want to give my nsec to any more sites, ever.

That's enough - over and out!

Reply to this note

Please Login to reply.

Discussion

Sedj 2y ago

And now nsecbunker won't let me log in to look at the admin stuff (was going to make sure I remembered the tokens setup correctly).

I'm sure it will be fixed my morning! Cheers!

Jingles 2y ago

I stop using tokens, tokens are good for use case where you wanna issue a key for temporary use. Just use your npub.

Jingles 2y ago

Thanks for the comprehensive description. We can debug this step by step.

Note that, if you have allow access on your desktop, it doesn’t mean you mobile will have access. This is because the local keys are different.

Try this.

Log out mobile.

Close and open the browser or PWA just to be very sure.

Open nsecbunker website on your PC and go to keys page and get ready.

On mobile, user Login, NIp46, put your npub (not token).

Quickly accept the connection on nsecbunker website. (It time out too quickly here, so got to be quick, have informed nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft)

That should be it, you should be logged in, able to sign events remotely.

Let’s see if this works.