Such an improvement in onboarding nice!
Who do you envision will be the nsec bunker providers?
Here is a demo of a new onboarding flow for nostr applications. I started working on this after watching nostr:npub1wmr34t36fy03m8hvgl96zl3znndyzyaqhwmwdtshwmtkg03fetaqhjg240's keynote "Nostr for normies" at nostr:npub1nstrcu63lzpjkz94djajuz2evrgu2psd66cwgc0gz0c0qazezx0q9urg5l; which I highly recommend watching.
My goal here was to create a way to onboard new users without requiring them to:
* install a browser extension
* copy/paste a secret
* explain npub/nsec stuff
* without losing interoperability with other nostr applications
This flow resembles a lot an OAuth style (e.g. "Login with twitter") flow:
* You create an account in one site (e.g. Twitter)
* You can "login" to another site with that account
* You can revoke access from using your account
Behind the scenes this is using NIP-89 to find nsecBunkers that allow people to register an account in their domain.
This means that any nostr application can offer a signup/login flow on any nsecBunker domain. The application itself doesn't take custody nor ever see the generated key.
And what's cool is that any nsecBunker provider can create their own flow; they can use passwords, or not, they can require a payment or proof-of-work to create an account. They can brand their "signup/login" popup page in whatever way they want.
Here is a demo video of this new building block that is now available to nostr applications.
https://cdn.satellite.earth/2e2e353ac5f69caffdc73da81c4e735c19579432967323564924c585819e6ef9.mp4
Discussion
I think any client that sits at the top of the onboarding funnel it would make sense to run these things.
I am planning on building a bunch of non-bitcoiner-focused apps that will leverage this. I think this would also make a lot of sense for something like nostr:npub1zach44xjpc4yyhx6pgse2cj2pf98838kja03dv2e8ly8lfr094vqvm5dy5 's Flockstr to run (in fact, Zach came up with a username+password scheme as well but which the strings themselves compute to a key, so you would be essentially logging in to all clients directly with your nsec, which is why I think that approach is problematic, but same goal!)
Makes sense 👍
Is the the nsec bunker provider NIP-89 handler documented anywhere?
Would love to play around with this.
Its quite simple really;
It’s just a 31990 with a k-tag of the NIP-46 kind (24344 or something) and the 31990 profile data should have a _@domain as its NIP-05 that validly resolves to the pubkey that published the 31990.
If you want to peak under the hood the fans site I showed in the video is already deployed so you can play around with what I used to make the demo video (although I’m not 100% certain that I deployed the most recent version)
No doubt this approach is the better way to go.
From my experience onboarding people, they often love the idea of nostr but are left wondering what to do next. I think as nostr:nprofile1qqs8d3c64cayj8canmky0jap0c3fekjpzwsthdhx4cthd4my8c5u47spremhxue69uhkummnw3ez6ur4vgh8wetvd3hhyer9wghxuet59uq3wamnwvaz7tmjv4kxz7fwdehhxarj9e3xzmny9uq3wamnwvaz7tmwdaehgu3wwfjkcctev4ezuum99uutzdck suggests, we should rework the nostr.com site to be more of a normie onboarding tool than a dev-focused protocol explainer. Something that clearly outlines a bunch of example nostr usecases beyond traditional microblogging.
If we could build in a great onboarding experience directly on nostr.com, that would be awesome.