Nostr Web Client

Is there any interest in header based client authentication instead of after the websocket is opened (NIP-42)?

I understand other use cases where it happens later in the flow, but why not both?

Seems like this would be smart for private relays (e.g. company internal relay). You wouldn't even want to open the socket unless the user had auth'd, probably with a challenge-response or something.

Unless that already exists and I just missed it.

Reply to this note

Please Login to reply.

Discussion

Mazin 2y ago

Yup. I’m trying to figure out why it’s not an option or what I’m missing🤔

armstrys 2y ago

Can’t a bunch of spammy requests to open web-sockets be pretty hard on relays too? I seem to remember someone saying that… maybe #[4] ?

MaxMoney21M⚡ 2y ago

DoS is an ever-present problem, this doesn't solve it. It's just a way to prevent opening sockets with unknown clients.

Cameri🐦‍🔥 2y ago

Yeah, NIP-42 is pretty🤢it doesn’t feel as good as the other NIPs