Oddbean new post about | logout
 If people only used auth_url popups to confirm then your bot wouldn't do harm. Doing confirms through popups has other useful features. I wonder if I should implement the 'secret' thing and only show connection requests with a secret in the nsec.app itself. 
 That is what I did. Gossip (as a bunker) only honors connects that provided the correct secret. The user doesn't get bothered by junk connect requests.

Clients that don't bother to send the secret part of the bunker URL cannot use gossip as a bunker (which is unfortunately every client we have tried so far).

BTW I didn't actually make such a bot. 
 Yeah requiring secret seems like a good path forward for non-oauth-like flows. 

I will send some PRs to clients to add support for it.

That bot will inevitably be made bcs it's quite trivial, so thank you for raising the issue sooner.