I am currently implementing LNURL-auth.
Do I have to check if k1 was created by me? The spec doesn't mention this [1]. I have seen that SN does that but maybe that is only done because the row is updated with the corresponding pubkey on valid signature. [2]
Assuming we would not use HTTPS (which the spec requires) or an attacker gets the wallet response in some other way, we could replay k1, sig, key to a different service which doesn't check if the service provided the k1.
Posted in SN telegram before
Yes there's the attack vector you mentioned, but I think the spec talks about making sure you check the k1 to avoid replay attacks to the same webserver (not just a different server).
reply
Oh, lol, now that you mentioned it, I see it:
LN SERVICE must make sure that unexpected k1s are not accepted: it is strongly advised for LN SERVICE to have a cache of unused k1s, only proceed with verification of k1s present in that cache and remove used k1s on successful auth attempts.
I must have been blind lol
I focused on "Wallet to service interaction flow"
reply
Spec blind devs are dangerous...but at least you're security conscious enough to remediate that lol.
reply
haha I guess so, thanks
Will have to figure out how to keep my session now however. That's not part of the spec and I can't trivially use Set-Cookie header
reply
I think you generate a session ID after this authentication. (Which you have to make sure is not based on time or any other predictable mechanism)
reply
Yes, but the server just responds with "OK" to the wallet. I don't respond to the browser on success.
So it's not obvious how to tell the browser about the session ID after authentication.
Edit: Mhh, I guess I can create a session ID and then return that session ID when the browser notices that the login was successful since I do polling.
Okay, that should work. Now my question sounds kind of dumb haha
reply
@k00b what do you do?
I think you would set the session ID before authentication, then after authentication remember that this session ID is authenticated now.
reply
I think you would set the session ID before authentication, then after authentication remember that this session ID is authenticated now.
Interesting
He uses next-auth; that takes care of that in ways I didn't understand yet.
But I think using that library is overkill for me (for now). I only want to support LNURL-auth.
Also, I like implementing stuff on my own first (yes, I know about "don't roll your own crypto" haha)
Really cool discussion, thanks for posting!
reply
Haha no worries
I should read more specs not properly lol
reply