nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft nostr:npub1xdtducdnjerex88gkg2qk2atsdlqsyxqaag4h05jmcpyspqt30wscmntxy I've been working on adding NIP-46 to noStrudel and while I've mostly got it working I've got a few questions about nsecBunker and login.nostrapps.org

nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft

The token that nsecBunker provides has a npub of the account and a hex token after the #

#

How is this token supposed to be used? is it supposed to be the secret key that the app uses to talk to nsecBunker?

There also seems to be bug where the first request made by the app asks the user for permission. but then never responds to the app and the app has to make the same request again

nostr:npub1xdtducdnjerex88gkg2qk2atsdlqsyxqaag4h05jmcpyspqt30wscmntxy why dose the nip04_decrypt method return a JSON stringified array with the plaintext inside (ie. '["testing"]') instead of just the plaintext?

Dose either nsecBunker or login.nostrapps.org implement the "describe" or "get_relays" methods?

Sorry for all the questions, but I'm excited to get this working and I figured it would be better to ask here instead of opening issues on GitHub

Here is a demo of a new onboarding flow for nostr applications. I started working on this after watching nostr:npub1wmr34t36fy03m8hvgl96zl3znndyzyaqhwmwdtshwmtkg03fetaqhjg240's keynote "Nostr for normies" at nostr:npub1nstrcu63lzpjkz94djajuz2evrgu2psd66cwgc0gz0c0qazezx0q9urg5l; which I highly recommend watching.

My goal here was to create a way to onboard new users without requiring them to:

* install a browser extension

* copy/paste a secret

* explain npub/nsec stuff

* without losing interoperability with other nostr applications

This flow resembles a lot an OAuth style (e.g. "Login with twitter") flow:

* You create an account in one site (e.g. Twitter)

* You can "login" to another site with that account

* You can revoke access from using your account

Behind the scenes this is using NIP-89 to find nsecBunkers that allow people to register an account in their domain.

This means that any nostr application can offer a signup/login flow on any nsecBunker domain. The application itself doesn't take custody nor ever see the generated key.

And what's cool is that any nsecBunker provider can create their own flow; they can use passwords, or not, they can require a payment or proof-of-work to create an account. They can brand their "signup/login" popup page in whatever way they want.

Here is a demo video of this new building block that is now available to nostr applications.

https://cdn.satellite.earth/2e2e353ac5f69caffdc73da81c4e735c19579432967323564924c585819e6ef9.mp4

https://techcrunch.com/2023/11/27/ransomware-catastrophe-at-fidelity-national-financial-causes-panic-with-homeowners-and-buyers/