Oddbean new post about | logout
 Alby (at least, used to) doesn't allow concurrent pending requests, and most apps don't do concurrent requests, how do you know these are the actions the app is about to execute, except for the first one? 
 Well its all async, there's no reason why an app couldn't make many concurrent requests at once, like when decrypting 100 notes.

It maintains a queue of requests (which contain promises that get called on approve/deny). The auth window gets updated in realtime, and then there is a button to lock-in and review incase they try to add something at the last moment without you noticing. 
 That's correct, what I am saying is that for whatever reason, maybe bcs it wasn't supported by other extensions, most apps don't do this, and if started would get errors from existing extensions, and thus it's not gonna be of any benefit for most apps.  
 hmm I guess that's ok for now, as it will show only one things instead of many, and it will be ready for future app updates. 
 We tried this with nsec.app, and went back to one req per confirm screen, because then there is more space for showing details of what the app is doing - raw json, raw encrypted payload, users added to contact list etc. Just saying, if that adds something to your design decisions. Maybe also check Amber, they are quite ahead of the curve here, i.e. support approval by nip, not just kind. 
 we will likely have a drill-down option, but I think we can fit a high level overview in a half-popup on the page 
 raw json is for nerds, most people won't know what they are looking at. I'm going to try to have ways to describe what is happening without having to show any json. of course there will be a way to view the json, but in reality most people won't be looking at that. 
 100% that's the way, but json is still necessary. This and all kinds of things the app might be doing is not trivial to design for, at least for me. 
 this is why I put it as challenge to rob xD 
 good point on the nip/kind distinction though. I think by nip makes sense. 
 I think manually defining categories may be better than NIPs because some NIPs you may want to only partially authorize for 
 forcing raw json on a man is akin to demanding a duel 🤺