mirror of
https://github.com/nostr-protocol/nips.git
synced 2024-11-13 23:39:08 -05:00
add flow
parent
813485c386
commit
34ad4615f1
35
71.md
|
@ -14,6 +14,14 @@ A restricted event is an event which requires [NIP-42 Authentication of Clients
|
|||
- a user tagged in the event
|
||||
- a user who has [NIP-43 Delegated Authentication](https://github.com/nostr-protocol/nips/blob/master/43.md) from the author
|
||||
|
||||
The default behavior of a relay MUST be to reject any event that contains `["+"]`.
|
||||
|
||||
Relays that want to accept such events MUST first require that clients requesting restricted events perform the [NIP-42](https://github.com/nostr-protocol/nips/blob/master/42.md) `AUTH` flow and check that the authenticated user has the appropriate access for the requested restriced events.
|
||||
|
||||
## The tag
|
||||
|
||||
The tag is a simple tag with a single item: `["+"]`. It may be added to any event.
|
||||
|
||||
## Use Cases
|
||||
|
||||
- limiting metadata leakage of private chats
|
||||
|
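Review bot: In the sentence beginning "Relays that want to accept such events", "restriced events" is misspelled and should be "restricted events". That sentence also makes accepting a `["+"]` event conditional only on what the relay does for clients requesting events, so it never says what a client publishing such an event has to do. Consider stating separately whether the publisher must complete the NIP-42 `AUTH` flow before the relay accepts the event, and what the relay returns when it rejects one by default.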
@ -33,7 +41,7 @@ If the filter does not contain the `"restricted": true` attribute, the relay MUS
|
|||
- request authentication
|
||||
- return any restricted events
|
||||
|
||||
in response to a request. Even if there are restricted events that qualify for the filter, if the filter doesn't not have attribute `"restricted": true` the relay should behave as if those events are not stored on the relay.
|
||||
in response to a request. Even if there are restricted events that qualify for the filter, if the filter doesn't not have attribute `"restricted": true` the relay should behave as if those events are not stored on the relay. This is so that unauthenticated clients are unable to glean any information on what restricted events might be stored on the relay.
|
||||
|
||||
## Access
|
||||
|
||||
|
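Review bot: The rewritten "in response to a request" line still carries the double negative "doesn't not have attribute", which literally reads as the opposite of the intended condition; it should be "does not have the attribute". Since the new closing sentence gives information leakage as the reason, the lowercase "should behave as if those events are not stored" would be better as a MUST, so that a relay cannot conform while answering differently from the case where nothing matches.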
@ -48,4 +56,27 @@ A user has permission to request any restricted event in which their pubkey is t
|
|||
- authenticating as the tagged pubkey
|
||||
- authenticating with a delegated authentication token of mode 0-Login from the tagged pubkey
|
||||
|
||||
A user has permission to request any restricted event they have been granted access to by the delegated authentication tokens of mode 1-Restricted Event Permission they authenticate with. The filter used MUST BE narrower in scope than the filter condition of the delegated authentication token.
|
||||
A user has permission to request any restricted event they have been granted access to by the delegated authentication tokens of mode 1-Restricted Event Permission they authenticate with. The filter used MUST BE narrower in scope than the filter condition of the delegated authentication token.
|
||||
|
||||
## Flow
|
||||
|
||||
- User `abc...` connects to relay `wss://example.com`:
|
||||
|
||||
```jsonc
|
||||
/* client: */
|
||||
["REQ", "sub_1", {"authors": ["abc..."], "restricted": true}]
|
||||
/* relay: */
|
||||
["AUTH", "challenge_string"]
|
||||
["CLOSED", "sub_1", "auth-required: cannot serve restricted events to unauthenticated useres"]
|
||||
/* client: */
|
||||
["AUTH", {"id": "wxyz...", "pubkey": "abc...", "kind": 22242, "tags": [["relay", "wss://example.com"], ["challenge", "challenge_string"]], ...}]
|
||||
/* relay: */
|
||||
["OK", "wxyz...", true, ""]
|
||||
/* client: */
|
||||
["REQ", "sub_1", {"authors": ["abc..."], "restricted": true}]
|
||||
/* relay: */
|
||||
["EVENT", "sub_1", {...}]
|
||||
["EVENT", "sub_1", {...}]
|
||||
["EVENT", "sub_1", {...}]
|
||||
["EVENT", "sub_1", {...}]
|
||||
```
|
||||
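Review bot: The `CLOSED` reason string in the Flow example misspells "users" as "useres"; example strings in a spec tend to be copied verbatim into relay code, so it is worth fixing before merge. The flow also covers only the author `abc...` authenticating as themselves. The Access section lists tagged pubkeys and delegated tokens of mode 0 and mode 1 as well, and a second example where the client authenticates but lacks access would show implementers what the relay is expected to send back in that case.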
|
|