Nostr Web Client

Should be nip-07, if you mean allowing people to sign into your website

I don't think this covers authentication, just signing events?

Please Login to reply.

It will open the extension and ask how long they’d like to give access. This might be a good example:

Yea extension don’t do auth. Only sign events. I was looking at this last week. Haven’t tried anything.

What's the difference in your opinion? Can you use a NIP 07 extension with only a public key?

I think someone could make a malicious extension that that doesn't validate and can exploit a service just reading the public key

Would be interesting to try and do this. You’re making me realize I have a few assumptions about how nip 07 signing works.