Nostr Web Client

👀

Say I added this onboarding flow to a nostr app N. Does that mean that nsecbunker is run individually by each new user? Is nsecbunker being run by nostr app N developer?

Roland 1y ago

It looks like it’s a custodial nsecbunker? So the user doesn’t look after their own nsec?

Exactly. This allows users to create a brand new account, and the nsecbunker keeps their private key for them and allows them to retrieve that key if they want (or if they lose access, to regain access using an email address the way that most people users on the internet are accustomed to).

Users can always take their private key and delete their account on the bunker but I imagine that plenty of users (just like with bitcoin) don't trust themselves to manage their own keys.

I love the idea of testing the familiarity of email, and recovery during onboarding. Let’s see how this does in practice compared to on device keypairs 👀

I’m guessing on device will win for a lot of people. They’ll join Nostr via a mobile app. Then that will be their gateway/signer for other apps that they try from then forward.

I am curious if initially a rough onboarding across a multitude of apps will lead to a need to consolidate multiple keys from multiple apps under one roof. Probably a non-problem today.

Roland 1y ago

I think it’s good initial onboarding and expanding Nostr. But I hope in the long run everyone takes responsibility for their own keys

jb55 1y ago

Once we have push notifications going clients like damus could become nsecbunkers. Then you would just confirm on your apple watch to login and sign things.

jb55 1y ago

I still think there are times you would want third parties to sign things on your behalf when you are not online (like a twitter crossposter for example), which is why I think delegation is important. You could just use nsecbunker if you had a node that was continuously on to sign things, but that will be hard for most people and will push people into custodial nostr.

hodlbod 1y ago

👀

Since this is aimed at new users who still need to create an account, them already having an nsecbunker running isn't really reasonable. Like nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s said in another reply, other clients and service specifically there to run bunkers are the ones who will provide the backend.

The library uses NIP-89 (application handlers) to find nsecbunkers that support this sort of flow and then allow the user to select between them when creating an account.

But if we have an nsecbunker running we can still use it, right?

If you’re running an nsecbunker you probably won’t be creating a new account for yourself, right?

But I am going to add some UI to allow you to input your npub or nip05 to sign in (call the connect) method. It’ll still be up to the client itself to handle signing using nip-46 remote signing from that point forward though so I don’t know how useful that actually is.

PABLOF7z 1y ago

Why? Your polyfill is replacing window.nostr, why would the client still need to implement nip-46?

Wouldn’t the client need to still know to send events for signing to relays so that the bunker could sign them?

PABLOF7z 1y ago

Isn’t that what your nostrignite does?

Client calls window.nostr.signEvent

Nostr ignite gets the signature via nip-46 and returns it to the client

It doesn’t do that yet. Just creates a new account and calls connect and returns the pubkey to the client.

That’ll be a fairly easy add though.

Wait, I thought it would replace window.nostr with a popout thing that connected to NIP-46!

If it just creates an account then I don't like it.

One step at a time! This is how we actually deliver in 2 weeks™.

Signing coming next.

Don’t want to end up completely rewriting NDK here though. 🫠

Why not? Rewrite it in Rust.

😬 That is definitely not the way to ship in 2 weeks™

Also there's already: https://github.com/rust-nostr/nostr

Shouldn't that be the library to implement nip-46 in Rust?

nostr:npub1xy54p83r6wnpyhs52xjeztd7qyyeu9ghymz8v66yu8kt3jzx75rqhf3urc

சாரு-秋陽 1y ago

Given the name I am sure Hakkadaikon-san will be interested to contribute! nostr:npub1zqdnpm5gcfap8hngha7gcp3k363786phvs2etsvxw4nh6x9ydfzsuyk6mn

nostr:nevent1qqs0ac6lyxh27n5lgqt0rxf72uuftv4uruyj4sqntkef0lcex6dx6qspzpmhxue69uhkummnw3ezuamfdejsygqh88vn0hyvp3ehp238tpvn3sgeufwyrakygxjaxnrd8pgruvfkaupsgqqqqqqshghc2a

発火大根 hakkadaikon🎤 1y ago

👀✨

Robert Allen 1y ago

Awesome! I have been wanting to add this flow to an app I am working on. Will check this out.

I just tried to use it and the global `NostrIgnition` is not defined. Indeed it shows up nowhere in the minified bundle.

Yup. Realized last night talking to nostr:npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqn that there is a browser quirk that needed fixing. Fix will be out in a few hours.

PABLOF7z 1y ago

Browsers have no quirks; they are precision machines