Oddbean

▲ ▼

 Every client generates a temporary npub for you when you log in and they’re supposed to delete it when you log out

▲ ▼

 You shouldn’t need to worry about the temporary npubs though. They’re just technically needed to make the remote signing work.

▲ ▼

 I put names of the app on each so it’s easier to keep track of

▲ ▼

 I also delete them when I’m not using them anymore

▲ ▼

 Do you confirm using popups, or do you keep nsec.app tab open? Popups should show the app's domain name, not just npub, you wouldn't have to edit the name manually.

▲ ▼

 I was scared from the popups on my laptop.
I kept nsec.app opened in my iPhone (I actually need to restart it to see the permission request).
The popups seemed to want me to enter the passphrase so it could down the main nsec to my laptop - which is NOT what I want.

▲ ▼

 Yeah well, popups expect that you're okay with downloading the key on that device :(

▲ ▼

 The UI should be more clear about that.
Anyways, do you know why the initial permission requests were a little buggy and I had to restart the nsec.app?
The push-notification permissions are on, but I wouldn’t trust that mechanism (I have a little experience with app development). If nsec.app is open in the foreground, it should always wait for events via nostr websockets - maybe even allow to connect to more than one (in addition to relay.nsec.app).

▲ ▼

 Not sure why you had to restart, it does monitor requests in real time and should show the popup when in the foreground. Do you still have to restart?

▲ ▼

 Once I approved everything I no longer had to restart the app.

▲ ▼

 Both, but I was also testing with a node.js sample app I made. Had to add a name on that one.

▲ ▼

 Well, I’m guessing it’s a temporary npub to send & receive private messages between my laptop and my phone (over nostr too): the content to be signed/encrypted/decrypted and the signatures/encrypted/decrypted-data.

I was thinking about using nsec.app as an alternative for the nsecbunker.com daemon/dockers: to run a shared account that can be controlled by multiple users (like for a company) - by keeping a computer with a Brave browser open with nsec.app and allowing my npub and my friends’ npubs. But this means I would need to re-approve new npubs if we log out (which means logging to that computer).

▲ ▼

 I haven’t tried adding on npubs for shared access, but I don’t think you’d need to reapprove them. As long as you have access to the nsec.app dashboard you should be able to add new npubs to the connection if my understanding is correct. You’re adding the permanent user npubs, not the temporary ones.

▲ ▼

 You would need to approve them for each app though

▲ ▼

 Actually I’m getting mixed up. I think you’re right. Probably should wait for confirmation from @brugeman though.

▲ ▼

 I have not tried using nsecbunker to share access, but from my understanding what you want is:
- add npubs that are allowed to control the main key
- set permissions for each such npub - is they can accept connections, confirm certain kinds, etc
- then if one of those users are trying to log into an app, they would confirm the connection/signing themselves (but within limits that you've specified)
- all this without your friends getting access to your main nsec, which is stored safely on one of your devices

Is that roughly it?

▲ ▼

 Yes, there is even no need to confirm logging to a new app themselves.
They will only use one app: snort/coracle. I want to approve them once on the main device that stores the main key.
I think it could be implemented simply by changing the code of snort/coracle to use window.nostr.nip04.encrypt/decrypt and window.nostr.signEvent/getPublicKey - so the same nsec-npub keypair in the extension will be used to communicate with the bunker, instead of generating a temporary nsec-npub keypair on every session.

▲ ▼

 Oh that's an interesting idea of using extension key as app key... need to think it through.

Meanwhile, if they're gonna use just one app, they could try to log in as your main key on their device, you would confirm on main device, add needed permissions (manually or on request) and then they'd just keep using it? If they'd need to re-login you'd have to confirm again, but once the session is created they should be able to use it just fine?

▲ ▼

 I wouldn’t want them to keep a session open on their laptop but it’s an interesting idea to keep a session open on their smartphone. I’m writing this note from coracle that I added to my home screen as an app (the session even survived a reboot of my iPhone). Do you know of Android apps that support nsecbunker login? Primal/Amethyst?

▲ ▼

 No, I don't think any native app supports that, unfortunately.

▲ ▼

 I wouldn’t want them to keep a session open on their laptop but it’s an interesting idea to keep a session open on their smartphone. I’m writing this note from coracle that I added to my home screen as an app (the session even survived a reboot of my iPhone). Do you know of Android apps that support nsecbunker login? Primal/Amethyst?

▲ ▼

 What does this option in the App Details do? (I’m also having trouble saving the change of the app name - it’s stuck). https://i.nostr.build/fz9FVbwxKcLu8Zrf.jpg

▲ ▼

 It's just a way for you to mark this session as "I shared it with this npub". If you gave someone access by confirming a login on their device and then mark a session using this option, then you'd be able to filter the activity and connections on the key's screen - you'll be able to select "yourself" or "that npub you shared with". This is some beginnings of shared access, just for reporting.