diff --git a/98.md b/98.md index ecbebc08..c8cba0f5 100644 --- a/98.md +++ b/98.md @@ -6,9 +6,9 @@ HTTP Auth `draft` `optional` `author:kieran` `author:melvincarvalho` -This NIP defines an ephemerial event used to authorize requests to HTTP servers using nostr events. +This NIP defines an ephemeral event used to authorize requests to HTTP servers using nostr events. -This is useful for HTTP services which are build for Nostr and deal with Nostr user accounts. +This is useful for HTTP services which are built for Nostr and deal with Nostr user accounts. ## Nostr event @@ -16,7 +16,7 @@ A `kind 27235` (In reference to [RFC 7235](https://www.rfc-editor.org/rfc/rfc723 The `content` SHOULD be empty. -The following tags are defined as REQUIRED. +The following tags MUST be included. * `u` - absolute URL * `method` - HTTP Request Method @@ -45,7 +45,7 @@ Example event: Servers MUST perform the following checks in order to validate the event: 1. The `kind` MUST be `27235`. -2. The `created_at` MUST be within a reasonable time window (suggestion 60 seconds). +2. The `created_at` timestamp MUST be within a reasonable time window (suggestion 60 seconds). 3. The `u` tag MUST be exactly the same as the absolute request URL (including query parameters). 4. The `method` tag MUST be the same HTTP method used for the requested resource. 
@@ -53,11 +53,11 @@ When the request contains a body (as in POST/PUT/PATCH methods) clients SHOULD i If one of the checks was to fail the server SHOULD respond with a 401 Unauthorized response code. -All other checks which server MAY do are OPTIONAL, and implementation specific. +Servers MAY perform additional implementation-specific validation checks. ## Request Flow -Using the `Authorization` header, the `kind 27235` event MUST be `base64` encoded and use the Authorization scheme `Nostr` +Using the `Authorization` HTTP header, the `kind 27235` event MUST be `base64` encoded and use the Authorization scheme `Nostr` Example HTTP Authorization header: ``` @@ -65,4 +65,4 @@ Authorization: Nostr eyJpZCI6ImZlOTY0ZTc1ODkwMzM2MGYyOGQ4NDI0ZDA5MmRhODQ5NGVkMjA ``` ## Reference Implementations -- C# ASP.NET `AuthenticationHandler` [NostrAuth.cs](https://gist.github.com/v0l/74346ae530896115bfe2504c8cd018d3) \ No newline at end of file +- C# ASP.NET `AuthenticationHandler` [NostrAuth.cs](https://gist.github.com/v0l/74346ae530896115bfe2504c8cd018d3)
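Review bot: In the first hunk (@@ -6,9), the corrected opening sentence still ends with "using nostr events" in lower case, while the next changed line writes "Nostr" twice. Since this pass is a wording cleanup, pick one capitalization and apply it to both lines.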
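Review bot: In the @@ -16,7 hunk, "The following tags MUST be included." does not say how many times each tag may appear, so an event carrying two `u` or two `method` tags is left undefined. Suggest wording such as "MUST be included exactly once" so that every server compares the same tag value against the request.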
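Review bot: In the @@ -45,7 hunk, check 2 still reads "MUST be within a reasonable time window (suggestion 60 seconds)", which pairs a MUST with a bound that an implementer cannot test against. Adding the word "timestamp" does not resolve that. Suggest stating what the window is measured against (the server's current time) and whether it applies to timestamps in the future as well as in the past, so that two servers given the same event reach the same verdict.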
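Review bot: In the @@ -53,11 hunk, the Request Flow sentence says the event "MUST be `base64` encoded" without naming the form of the event that is encoded or the base64 variant. The example header begins `eyJpZCI6`, which points to standard base64 over the JSON event, but the text should say so, including whether padding is expected, because a strict decoder will reject the other variant. The same changed line still ends without a full stop, and the unchanged context line "If one of the checks was to fail" could be tidied to "If any of the checks fails" in this pass.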