pull down to refresh

it's likely this behavior will be re-worked in the future
Do you have suggestions? I think this is a limitation of how NWC is generally used since we don't want to store spending permissions on our server.1 So afaict, we need two separate connections since one needs to be on your device or encrypted on the server and one needs to be in plaintext on the server.
I think all we can do is to explain this better but wallets will continue to have to provide two different strings unless the spec is updated in some way. 🤔

Footnotes

  1. and nobody should if they want to claim they are non-custodial ↩
I think the solution is to separate send/receive into independent steps as we've discussed.
reply
0 sats \ 6 replies \ @ek 19 Dec
ah yes, independent steps can explain it better but we will still need two different NWC strings so I was replying to the "for now" in
but for now, you need TWO DIFFERENT NWC STRINGS.
reply
I guess we can add an explainer in the short term.
Why do we need two separate stings? XYZ app lets me use just one.
We don't ever store spending permissions on the server. To enable receiving, we need a string without spending permissions for the server. To enable spending, we need one string for that never leaves your browser.
reply
Does this mean we need to reenter the nwc connection string for spending if we close our browser without saving cookies and site data? I entered two separate nwc connection strings to SN for sending and receiving respectively and the logs show that the wallet configurations are saved. But when I check some time later the connection string for sending is blank while the connection string for receiving is still intact.
reply
17 sats \ 0 replies \ @ek 23 Dec
It's stored locally so if your browser data gets deleted, it will be gone, yes.
But you can enable device sync in your settings then we will store it encrypted on our server and send it to your other devices if you entered the same passphrase there.
reply
We don't store spending credentials on the server unless you enabled device sync (which allows us to encrypt and store them).
Without device sync, you need to input spending creds on every device and browser you want to use them on.
reply
Nice! Love that you guys are building with security in mind. I'm not a UI/UX guy, but some help text explaining this in the wallets settings could be useful for new users like me.
reply
It's there. It's just not top of line like it should be. Thanks for the feedback
reply