Take a look at this prototype. It's a Nostr signer web-app - it works in your browser, doesn't need extensions, and stores your keys locally. I love the recent ideas by @PABLOF7z and @rabble about OAuth-like nostr signup/login flows, but OAuth is so smooth because it works on the web - no extensions or apps needed. And the only Nostr web-signing option we had until now was to give custody of your keys to a remote nsecbunker, or paste nsec into every app. This app, though, is a pure web app, and it does signing locally. It uses NIP46 just like nsecbunker, so it shouldn't be too hard for apps to start supporting it - the one that already works is Snort. With nip05 names added on top we can make signup/login flows that are very smooth and users would only deal with email-like usernames and passwords, without the custody of keys by third parties. Ok, let's watch the demo. Your eyes will bleed, but it's a prototype. Maybe #nostrdesign team would help us turn it into something pleasant. https://video.nostr.build/b3bbcd1aa40ca6d1a3175f6690171e859dc85d41d7f4878b1bbc8f9b9c264fa9.mp4 This approach technically works across devices, but that's unreliable on mobile if the device is locked, plus your devices are offline sometimes, so the best way would be to have this app store keys on each of your devices so that at least one instance of the signer is always online (on the device you're using right now). That's why this app has built-in password-protected cloud sync for keys. It's open source. App: https://login.nostrapps.org Client: https://github.com/nostrband/noauth Server: https://github.com/nostrband/noauthd
Very very cool
I love the rube-goldberg like solution. But still, it's a cool hack that makes non-custodial bunkers easy.
Btw could you please add support for bunker:// urls to coracle?
I pass tokens through to NDK, but the standard keeps changing, where is bunker:// specified?
I just want to tell coracle which relay to use for nip46, bunker: url allows that. See nostr:nevent1qqsphc9rv7820h4hqchyg86h45q4hyvpsecscadpfwjx94pcuksjthcppamhxue69uhkummnw3ezumt0d5pzqv6kmesm89j8jvww3vs5pv46hqm7pqgvpm63twlf9hszfqzqhz7aqvzqqqqqqy86wtkn
Highly interested in this, but I'm not really up to speed, and I wasn't able to figure out the protocol when I last tried. This is high on my list, will probably put it together in January — I'm bullish on the OAuth workflow. If you want to open an issue or PR on coracle, that would make me very happy.
Here it is, sending from Coracle signing with nip46 https://github.com/coracle-social/coracle/pull/205
This can work across devices 👀 damn that's cool! And haha, yep a design upgrade is needed here 😜
Very cool! Add Ngrok to the mix and you have THE BUNKER IN THE PHONE.
It is a bunker in your browser. Why does it need reverse proxy? It communicates through a relay, it doesn't need to accept connections...
nostr:nevent1qqsph8z6frev38yg05847ww9ak85lraj6z8hkce5zcmqnr3dkejhs2gpz4mhxue69uhhyetvv9ujumt0wd68ytnsw43qygpn2m0xrvukg7f3e69jzs9jh2ur0cypps8029dmayk7qfyqgzutm5psgqqqqqqshgn5us
Just to be sure: You do custody the encrypted nsec (with password 1111 in this case) on your server, right?
Technically that's a completely optional add-on here. Signing works perfectly fine without this cloud sync capability. But the 'flow-for-normies' I was imagining was that on signup they get a nip05 name + enter a password, keys are stored on one device and synched to the cloud. Then they go to another device and 'login' by entering the nip05 and password - keys are synched to this new device and now it can sign too. This would make the experience very familiar, advanced users could turn this off and do manual key backups etc. Sync is end-to-end encrypted, server can't read your plaintext key unless it cracks your password. It works similarly to Bitwarden, if you've heard of it.
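An added example, not part of the thread and not noauth's own code: a sketch of the password-protected sync described in the reply above, where the key is encrypted on the device and the server only ever holds the resulting blob. The KDF (scrypt), cipher (AES-256-GCM), blob layout, function names and the demo key are all assumptions made for illustration; `survivesGuessList` shows why the protection is only as strong as the password.

```javascript
// Added example (assumed scheme: scrypt + AES-256-GCM; not noauth's actual format).
const nodeCrypto = require('node:crypto');

// Constructed demo value standing in for a 32-byte secret key (hex).
const DEMO_KEY = 'a1'.repeat(32);
// Memory-hard KDF settings: each password guess costs ~32 MiB and tens of ms.
const KDF = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password.normalize('NFKC'), salt, 32, KDF);
}

// Runs on the device. The returned object is all the sync server receives.
function sealKey(secretKeyHex, password) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(Buffer.from(secretKeyHex, 'hex')), cipher.final()]);
  return {
    v: 1,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Runs on the second device. Returns null on a wrong password or a modified blob.
function openKey(blob, password) {
  const b = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(password, b(blob.salt));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, b(blob.iv));
  decipher.setAuthTag(b(blob.tag));
  try {
    return Buffer.concat([decipher.update(b(blob.ct)), decipher.final()]).toString('hex');
  } catch {
    return null; // GCM tag mismatch: wrong key or tampered ciphertext
  }
}

// Strength check before enabling sync: does the blob resist a list of
// common passwords? Anyone holding the blob can run the same test offline.
function survivesGuessList(blob, candidates) {
  return !candidates.some((guess) => openKey(blob, guess) !== null);
}
```

The salt, IV and tag are not secret; only the password and the KDF cost stand between the stored blob and the plaintext key.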
The "normies" who want to follow a more conventional path don't need to know the whole kitchen, that is, what happens behind the scenes... it never interested them, they just want it to work and be easy... and that's fine up to a point. Now what's needed is the clearest and most understandable explanation, that is, which steps to follow... Because otherwise people who want to use the nostr protocol but don't dare keep being excluded. Regards from Uruguay ⚡🤙🏼🧉
Damn, started designing it based on your concept. Without the NIP-05 and with the bunker-link. Still wanted to get your thoughts on some ideas already though. 1. Homepage: shows your account, your bunker-link + ability to set password for across device-use and shows the connected apps that you can click to adjust permissions/open the app/etc... https://image.nostr.build/0db8c86f3cd728aa399dc141beacb7836c2f42ac55e00b5c53c392ee68e8753d.png 2. Pop Up (first time using app): the idea is to directly allow a bunch of basic actions so normies don't have to go back and forth between apps, advanced would be things like changing the relay lists f.e. https://image.nostr.build/0c464dca2a4008bc32be8d5feedee2cbaf897388b69a5b79734232727c2080da.png 3. Pop Up for allowing Actions outside of the Basic scope https://image.nostr.build/97ce6ff62668d0ca90a444128f6fafdc93d509741d6f05b6c246dfad30c75a11.png Also, two questions: A. Do you have a name for it? Best I can think of is Nsafe, Webunker, Bunkey, Signor, ... B. Is this kind of style ok? @reya I'm using a serious font for you 😉 I'll draw out the NIP-05 stuff next. #nostrdesign
Oh wow, amazing! I didn't mean to discourage the bunker-link approach - nip05 doesn't remove the bunker-links, maybe when there is an OAuth-like flow we'd get rid of it. The nip05 would just be useful for logging into the Signer on a new device - it's easier to remember than npub. Pop ups look awesome, nothing to add atm! I would think on the Your Key section on homepage more: 1. The bunker link is not a 'key' - it's not secret, and we probably shouldn't mix the terminology with private keys. 2. I don't think we need to show the bunker-link on homescreen - its content is meaningless and only useful rarely to connect a new app. 3. How about a 'Connect app' button that shows a modal with a QR-code of bunker-link, 'Copy' button, and a 'Paste this code to your app' message? 4. Also maybe a 'Cloud sync' button with a checkbox - shows a modal that explains it and asks to enter the password, checkbox turns checked after it was all set up? 5. Maybe we should show the npub under Your key section (instead of bunker-link) - as much as I think it's an awkward thing for normies, we won't get rid of npubs any time soon, and many apps ask for it, so a quick way to see and copy it would be useful. 'What is this' would show a small explainer about npub. WDYT? Re. the name - we have nsec.app domain name for it, let's call it 'Nsec app' ? I store my nsec/keys in the nsec app :) I like the style, could we also have the light theme? Re. drawing the nip05 stuff - without it user would have to remember their npub and password to login into the Nsec app on another device. The nip05 would simplify it to email-like nip05 and password - much easier to understand and remember. So maybe nip05 could just be displayed under the user's name near the avatar - would help people remember it? And of course on the Nsec app login screen, and maybe on 'import key' screen. Thank you for your help! #nostrdesign
Great input sir, makes it a lot better. On it! 1. Just called it "Key" because that's what Snort etc ask for in the field where you paste it. But you're completely right. 4. I drew the "cloud sync" option first but it didn't work in my design, in your idea it does, me gusta. Btw: I think indeed the way @PABLOF7z sees it, you can skip the bunker-link entirely and just use NIP-05 + password in general.
The "normies" who want to follow a more conventional path, don't have to know all the cooking, i.e. what goes on behind the scenes ...., they just want it to work and be easy .... and that's fine up to a point. Now they need a clearer and more understandable explanation, i.e. what steps to follow .... Because otherwise you keep excluding people who want to use the nostr protocol but don't dare. Slds from Uruguay ⚡🤙🏼🧉 Trad DeepL
https://github.com/nostrband/noauth nostr:nevent1qqsph8z6frev38yg05847ww9ak85lraj6z8hkce5zcmqnr3dkejhs2gpz3mhxue69uhhyetvv9ujumn0wd68ytnzvupzqv6kmesm89j8jvww3vs5pv46hqm7pqgvpm63twlf9hszfqzqhz7aqvzqqqqqqyke9fxw