What relays actually send AUTH requests in practice and why?
Discussion
We use AUTH on many of our relays for different reasons.
nostr.wine - AUTH only for kind 4 REQs to protect DM metadata
filter.nostr.wine - paid proxy relay service, AUTH on connect for access control
creatr.nostr.wine - patreon relay with granular event access control, AUTH on connect
inbox.nostr.wine - special purpose access control relay for DMs, giftwraps, and NWC events. AUTH on any REQ. Events can be sent without AUTH as long as the tagged pubkey has a registered inbox.
Do you do the CLOSED+auth-required flow on all of these?
Yes
so a relay can preempt auth by sending a closed on connect and then following with an auth? nostr:nprofile1qyv8wumn8ghj7cm9d3kxzu3wdehhxarj9emkjmn99uq3wamnwvaz7tmfde3x77pwdehhxarj9emkjmn99uq3jamnwvaz7tmhv4kxxmmdv5hxummnw3ezuamfdejj7qpq8kzz4lkdtc5n729kvfunxuz287uvu9f64ywhjz43ra482t2y5sksgzn4gz also, is this how you get #coracle to do it (i tried triggering auth on connect with auth required but it sounds like i need to send closed first? kinda weird tho)
I have different auth flows for different relays. Nostr.wine doesn’t AUTH until the client makes a REQ that requires it. It sends CLOSED with auth-required to that REQ.
Filter.nostr.wine just sends an AUTH on connect. If you ignore it and send REQs it returns CLOSED+auth-required.
Well, for bouncer it's sort of similiar like how most server use HTTP AUTH function: Login into the private bouncer and use it alone
there's no way to auth up the line tho
my relay does because it’s only intended to be used by me.
I'm building a proxy for relays that does that in order to ask for sats as collateral to enforce its ToS.