Another application of this proposal is to abstract away the use of the 'root' keypairs when interacting with clients. For example, a user could generate new keypairs for each client they wish to use and authorize those keypairs to generate events on behalf of their root pubkey, where the root keypair is stored in cold storage.
In order to create a single condition, you must use a supported field and operator. Multiple conditions can be used in a single query string, including on the same field. Conditions must be combined with `&`.
For the vast majority of use-cases, it is advisable that query strings should include a `created_at`***after*** condition reflecting the current time, to prevent the delegatee from publishing historic notes on the delegator's behalf.
Delegation string to grant note publishing authorization to the delegatee (477318cf) from now, for the next 30 days, given the current timestamp is `1674834236`.
The delegatee (477318cf) can now construct an event on behalf of the delegator (8e0d3d3e). The delegatee then signs the event with its own private key and publishes.
The event should be considered a valid delegation if the conditions are satisfied (`kind=1`, `created_at>1674834236` and `created_at<1677426236` in this example) and, upon validation of the delegation token, are found to be unchanged from the conditions in the original delegation string.
Relays should answer requests such as `["REQ", "", {"authors": ["A"]}]` by querying both the `pubkey` and delegation tags `[1]` value.
#### Notes on Use Case Flow
Usually more than one client is involved in the delegation flow.
As a hint, a typical use case is described:
- User wishes to delegate from its primary identity, loaded into a primary client, to a secondary (delegated) identity, to be used in a secondary client.
- User selects delegation action in the primary client.
- Delegated pubkey is entered, e.g. by copy-and-paste from the secondary client.
- User enters optional conditions (validity period, event kind).
- Delegation tag is created.
- In the secondary client, user selects Delegated Identity option.
- User enters the delegation tag, e.g. by copy-and-paste.