mirror of
https://github.com/nostr-protocol/nips.git
synced 2024-12-22 16:35:52 -05:00
NIP-98
This commit is contained in:
parent
1678c53dcd
commit
29f26e72b5
64
98.md
Normal file
64
98.md
Normal file
|
@ -0,0 +1,64 @@
|
|||
NIP-98
|
||||
======
|
||||
|
||||
HTTP Auth
|
||||
-------------------------
|
||||
|
||||
`draft` `optional` `author:kieran` `author:melvincarvalho`
|
||||
|
||||
This NIP defines and ephemerial event used to authenticate requests to HTTP servers using nostr events.
|
||||
|
||||
This is useful for HTTP services which are build for Nostr and deal with Nostr user accounts.
|
||||
|
||||
## Nostr event
|
||||
|
||||
A `kind 27235` (In reference to [RFC 7235](https://www.rfc-editor.org/rfc/rfc7235)) event is used.
|
||||
|
||||
The `content` SHOULD be empty.
|
||||
|
||||
The following tags are defined as REQUIRED.
|
||||
|
||||
* `url` - absolute URL
|
||||
* `method` - HTTP Request Method
|
||||
|
||||
Example event:
|
||||
```json
|
||||
{
|
||||
"id": "fe964e758903360f28d8424d092da8494ed207cba823110be3a57dfe4b578734",
|
||||
"pubkey": "63fe6318dc58583cfe16810f86dd09e18bfd76aabc24a0081ce2856f330504ed",
|
||||
"content": "",
|
||||
"kind": 27235,
|
||||
"created_at": 1682327852,
|
||||
"tags": [
|
||||
[
|
||||
"url",
|
||||
"https://api.snort.social/api/v1/n5sp/list"
|
||||
],
|
||||
[
|
||||
"method",
|
||||
"GET"
|
||||
]
|
||||
],
|
||||
"sig": "5ed9d8ec958bc854f997bdc24ac337d005af372324747efe4a00e24f4c30437ff4dd8308684bed467d9d6be3e5a517bb43b1732cc7d33949a3aaf86705c22184"
|
||||
}
|
||||
```
|
||||
|
||||
Servers MUST perform the following checks in order to validate the event:
|
||||
1. The `kind` MUST be `27235`.
|
||||
2. The `created_at` MUST be within a reasonable time window (suggestion 60 seconds).
|
||||
3. The `url` tag MUST be exactly the same as the absolute request URL (including query parameters).
|
||||
4. The `method` tag MUST be the same HTTP method used for the requested resource.
|
||||
|
||||
All other checks which server MAY do are OPTIONAL, and implementation specific.
|
||||
|
||||
## Request Flow
|
||||
|
||||
Using the `Authorization` header, the `kind 27235` event MUST be `base64` encoded and use the Authorization scheme `Nostr`
|
||||
|
||||
Example HTTP Authorization header:
|
||||
```
|
||||
Authorization: Nostr eyJpZCI6ImZlOTY0ZTc1ODkwMzM2MGYyOGQ4NDI0ZDA5MmRhODQ5NGVkMjA3Y2JhODIzMTEwYmUzYTU3ZGZlNGI1Nzg3MzQiLCJwdWJrZXkiOiI2M2ZlNjMxOGRjNTg1ODNjZmUxNjgxMGY4NmRkMDllMThiZmQ3NmFhYmMyNGEwMDgxY2UyODU2ZjMzMDUwNGVkIiwiY29udGVudCI6IiIsImtpbmQiOjI3MjM1LCJjcmVhdGVkX2F0IjoxNjgyMzI3ODUyLCJ0YWdzIjpbWyJ1cmwiLCJodHRwczovL2FwaS5zbm9ydC5zb2NpYWwvYXBpL3YxL241c3AvbGlzdCJdLFsibWV0aG9kIiwiR0VUIl1dLCJzaWciOiI1ZWQ5ZDhlYzk1OGJjODU0Zjk5N2JkYzI0YWMzMzdkMDA1YWYzNzIzMjQ3NDdlZmU0YTAwZTI0ZjRjMzA0MzdmZjRkZDgzMDg2ODRiZWQ0NjdkOWQ2YmUzZTVhNTE3YmI0M2IxNzMyY2M3ZDMzOTQ5YTNhYWY4NjcwNWMyMjE4NCJ9
|
||||
```
|
||||
|
||||
## References
|
||||
- C# ASP.NET `AuthenticationHandler` [NostrAuth.cs](https://gist.github.com/v0l/74346ae530896115bfe2504c8cd018d3)
|
Loading…
Reference in New Issue
Block a user