0 sats \ 3 replies \ @nquiz 30 Nov 2023 \ on: create an account in the db for a nostr client nostr
The approach we used (e.g. for https://js.nquiz.io) was based on Nostr Passport Auth - https://github.com/nosdav/passport-nostr
Basically you just use a signed note in the request header. No tokens needed! Just verify the event at the backend with each request (signed, within a date range, comes from the correct domain etc).
I'm not using express though. Nor am I using passport.
I can get the nip05 but I don't know how to authenticate a user (i.e. a sign-in). Is there some kind of secret token that getalby gives me back somehow?
I'm using ndk.
You don't need to use their library - check the implementation, it's just a few lines of code.
You literally just sign an event and stick it in the auth header. This proves to the backend that you control the private key, and that you are logging in to X website at X time.
This approach works with all signing mechanisms (nsecbunker, extensions, local key, signing device).
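
The backend check described in the replies above (signed, within a date range, from the correct domain), as an added example that is not code from the thread or from passport-nostr. It assumes the NIP-98 layout (`Authorization: Nostr <base64 event>`, kind 27235, a `u` tag holding the URL), which the thread does not specify; `checkAuthHeader`, `host`, `maxSkew` and the injected `verifySig` are hypothetical names.

```javascript
// Added example: server-side check of a signed Nostr event sent as an auth header.
// Assumed layout (NIP-98): "Authorization: Nostr <base64 JSON event>", kind 27235, ["u", url] tag.
const { createHash } = require('node:crypto');

// NIP-01 event id: sha256 of the canonical JSON array serialization.
function eventId(ev) {
  const payload = JSON.stringify([0, ev.pubkey, ev.created_at, ev.kind, ev.tags, ev.content]);
  return createHash('sha256').update(payload, 'utf8').digest('hex');
}

// verifySig(sigHex, idHex, pubkeyHex) -> boolean is injected (assumption): BIP-340
// Schnorr verification is not in node:crypto, so pass in your secp256k1 library's verifier.
function checkAuthHeader(header, { host, verifySig, now = Date.now() / 1000, maxSkew = 60 }) {
  const m = /^Nostr ([A-Za-z0-9+/=]+)$/.exec(header || '');
  if (!m) return { ok: false, reason: 'bad-scheme' };
  let ev;
  try {
    ev = JSON.parse(Buffer.from(m[1], 'base64').toString('utf8'));
  } catch {
    return { ok: false, reason: 'bad-encoding' };
  }
  const hex = (s, n) => typeof s === 'string' && new RegExp(`^[0-9a-f]{${n}}$`).test(s);
  if (!ev || !hex(ev.pubkey, 64) || !hex(ev.sig, 128) || !Array.isArray(ev.tags) ||
      !Number.isInteger(ev.created_at) || typeof ev.content !== 'string') {
    return { ok: false, reason: 'malformed' };
  }
  if (ev.kind !== 27235) return { ok: false, reason: 'wrong-kind' };
  // "Within a date range": reject events outside the allowed clock skew (replay window).
  if (Math.abs(now - ev.created_at) > maxSkew) return { ok: false, reason: 'stale' };
  // "Comes from the correct domain": the signed URL must name this server.
  const u = ev.tags.find((t) => Array.isArray(t) && t[0] === 'u');
  let signedHost = null;
  try { signedHost = new URL(u[1]).host; } catch { /* missing or invalid u tag */ }
  if (signedHost !== host) return { ok: false, reason: 'wrong-domain' };
  // Recompute the id so the signature is bound to the fields checked above.
  if (ev.id !== eventId(ev)) return { ok: false, reason: 'id-mismatch' };
  if (!verifySig(ev.sig, ev.id, ev.pubkey)) return { ok: false, reason: 'bad-signature' };
  return { ok: true, pubkey: ev.pubkey };
}
```

The returned `pubkey` is the authenticated identity; the time window only narrows replay, so a server that needs single use also has to remember event ids it has already accepted.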