mirror of
https://github.com/nostr-protocol/nips.git
synced 2024-12-22 16:35:52 -05:00
clarify created_at
and auth session duration.
parent
4a5202646a
commit
50faceef09
9
42.md
|
@ -43,7 +43,8 @@ WebSocket URL of the relay. `created_at` should be the current time. Example:
|
||||||
```
|
```
|
||||||
|
|
||||||
The client may send an auth message right before performing an action for which it knows authentication will be required -- for example, right
|
The client may send an auth message right before performing an action for which it knows authentication will be required -- for example, right
|
||||||
before requesting `kind: 4` chat messages --, or it may do right on connection start or at some other moment it deems best.
|
before requesting `kind: 4` chat messages --, or it may do right on connection start or at some other moment it deems best. The authentication
|
||||||
|
is expected to last for the duration of the WebSocket connection.
|
||||||
|
|
||||||
Upon receiving a message from an unauthenticated user it can't fulfill without authentication, a relay may choose to notify the client. For
|
Upon receiving a message from an unauthenticated user it can't fulfill without authentication, a relay may choose to notify the client. For
|
||||||
that it can use a `NOTICE` message with a standard prefix `"restricted: "` that is readable both by humans and machines, for example:
|
that it can use a `NOTICE` message with a standard prefix `"restricted: "` that is readable both by humans and machines, for example:
|
||||||
|
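Review bot: The added sentence at the end of this paragraph, "The authentication is expected to last for the duration of the WebSocket connection.", uses "is expected to", which does not say which side is bound by it or how strongly. Suggest wording it as a relay requirement in the same terms as the verification section, where relays "must ensure" each condition. It should also say what a relay does when another auth message arrives on a connection that is already authenticated, because the text now ties the session to the connection lifetime but is silent on that case. Since the preceding line is being modified anyway, "or it may do right on connection start" is missing its object ("it may do so").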
@ -62,7 +63,7 @@ or it can return an `OK` message noting the reason an event was not written usin
|
||||||
|
|
||||||
To verify `AUTH` messages, relays must ensure:
|
To verify `AUTH` messages, relays must ensure:
|
||||||
|
|
||||||
- that the `kind` is `22242`
|
- that the `kind` is `22242`;
|
||||||
- that the event was recently signed (~10 minutes, by `created_at`)
|
- that the event `created_at` is close (e.g. within ~10 minutes) of the current time;
|
||||||
- that the `content` field matches the relay URL
|
- that the `content` field matches the relay URL:
|
||||||
- URL normalization techniques can be applied. For most cases just checking if the domain name is correct should be enough.
|
- URL normalization techniques can be applied. For most cases just checking if the domain name is correct should be enough.
|
||||||
|
|
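Review bot: The rewritten `created_at` bullet reads "is close (e.g. within ~10 minutes) of the current time", which is ungrammatical ("close ... of") and stacks "e.g." on top of "~", so the acceptance window is left entirely to each implementer. Suggest "is within ~10 minutes of the current time", and state explicitly that the check applies in both directions, so that an event dated in the future is rejected as well as a stale one; the old wording "recently signed" only covered the past. On punctuation, the top-level items now end with ";" and ":" while the nested URL normalization item still ends with "."; pick one convention for the list.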