Oddbean new post about login | logout Many clients already support NIP-42 and our relays don’t need anything special, but not all implementations work correctly with all AUTH flows. I think most of the problems can be solved by clients correctly implementing the spec as it is today. The original spec did not include the CLOSED response so we used to send NOTICE/EOSE instead which wasn’t ideal. With CLOSED, clients know why a REQ was closed and whether it requires AUTH or is prohibited. They can then know which REQs to retry after they complete the AUTH.
I know I didn’t really answer your question… I think clients that are strictly interested in public content do not need to implement NIP-42. If your client handles DMs, NWC events, or any other “private” data I think some form of AUTH is useful and important for access control.
I will will use this for DMs in my onboarding client. https://nostrmeet.me