Replying to Alex Gleason

The truly interesting difference is in authentication.

In traditional servers, OAuth tokens are used to protect database write access, because all the rules of the app are made up and stored in the database itself. So the database itself is the "protected resource".

On Nostr, the database is public and open. It has no fantasies, just data. The "protected resource" is actually the user's private key. So authentication is reversed. The server demands authorization from the client rather than vice versa. Truly mind-blowing for anyone stuck in web dev for the past 20 years.

ben 1y ago

You can also go full-on database-less when building an app. App has a keypair and can rw encrypted state data to relays. I did this in a PoC Strava bridge where I stored app data on public relays. Pretty paradigm-shifting.


Discussion

Camilo 1y ago

🤯

nostr:nevent1qqste0dwuvmhap74q9vpjppqcegdmwman4405g6z89j74a6wu2m7hugpr4mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmp0qgs8hhhhhh4msuslw7f86rnhces9jds05c3hrl03tuadmyuj8fsny2grqsqqqqqp79u7qg

Hazey 1y ago

This approach needs to be leaned into more
