mirror of
https://github.com/nostr-protocol/nips.git
synced 2024-11-09 22:09:06 -05:00
Spelling and clarifications
parent
9879e90ad9
commit
74611d2580
14
98.md
|
@ -6,9 +6,9 @@ HTTP Auth
|
||||||
|
|
||||||
`draft` `optional` `author:kieran` `author:melvincarvalho`
|
`draft` `optional` `author:kieran` `author:melvincarvalho`
|
||||||
|
|
||||||
This NIP defines an ephemerial event used to authorize requests to HTTP servers using nostr events.
|
This NIP defines an ephemeral event used to authorize requests to HTTP servers using nostr events.
|
||||||
|
|
||||||
This is useful for HTTP services which are build for Nostr and deal with Nostr user accounts.
|
This is useful for HTTP services which are built for Nostr and deal with Nostr user accounts.
|
||||||
|
|
||||||
## Nostr event
|
## Nostr event
|
||||||
|
|
||||||
|
@ -16,7 +16,7 @@ A `kind 27235` (In reference to [RFC 7235](https://www.rfc-editor.org/rfc/rfc723
|
||||||
|
|
||||||
The `content` SHOULD be empty.
|
The `content` SHOULD be empty.
|
||||||
|
|
||||||
The following tags are defined as REQUIRED.
|
The following tags MUST be included.
|
||||||
|
|
||||||
* `u` - absolute URL
|
* `u` - absolute URL
|
||||||
* `method` - HTTP Request Method
|
* `method` - HTTP Request Method
|
||||||
|
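Review bot: The new wording "The following tags MUST be included." does not say how many of each tag an event may carry, so an event with two `u` tags or two `method` tags still satisfies it and each server is free to pick whichever one it likes. Suggest tightening it to something like "The event MUST include exactly one `u` tag and exactly one `method` tag", and stating whether the `method` value is compared case-sensitively.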
@ -45,7 +45,7 @@ Example event:
|
||||||
|
|
||||||
Servers MUST perform the following checks in order to validate the event:
|
Servers MUST perform the following checks in order to validate the event:
|
||||||
1. The `kind` MUST be `27235`.
|
1. The `kind` MUST be `27235`.
|
||||||
2. The `created_at` MUST be within a reasonable time window (suggestion 60 seconds).
|
2. The `created_at` timestamp MUST be within a reasonable time window (suggestion 60 seconds).
|
||||||
3. The `u` tag MUST be exactly the same as the absolute request URL (including query parameters).
|
3. The `u` tag MUST be exactly the same as the absolute request URL (including query parameters).
|
||||||
4. The `method` tag MUST be the same HTTP method used for the requested resource.
|
4. The `method` tag MUST be the same HTTP method used for the requested resource.
|
||||||
|
|
||||||
|
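Review bot: In check 2, "MUST be within a reasonable time window (suggestion 60 seconds)" pairs a MUST with a bound that cannot be tested. State the bound and its direction, for example "MUST be within 60 seconds of the server's current time, in the past or the future", or keep the MUST for a stated maximum and make 60 seconds a SHOULD. The four checks as listed also do not mention verifying the event `id` and `sig`, and nothing in them stops the same event from being presented again inside the window; if both are meant to be covered elsewhere, a cross-reference here would help implementers.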
@ -53,11 +53,11 @@ When the request contains a body (as in POST/PUT/PATCH methods) clients SHOULD i
|
||||||
|
|
||||||
If one of the checks was to fail the server SHOULD respond with a 401 Unauthorized response code.
|
If one of the checks was to fail the server SHOULD respond with a 401 Unauthorized response code.
|
||||||
|
|
||||||
All other checks which server MAY do are OPTIONAL, and implementation specific.
|
Servers MAY perform additional implementation-specific validation checks.
|
||||||
|
|
||||||
## Request Flow
|
## Request Flow
|
||||||
|
|
||||||
Using the `Authorization` header, the `kind 27235` event MUST be `base64` encoded and use the Authorization scheme `Nostr`
|
Using the `Authorization` HTTP header, the `kind 27235` event MUST be `base64` encoded and use the Authorization scheme `Nostr`
|
||||||
|
|
||||||
Example HTTP Authorization header:
|
Example HTTP Authorization header:
|
||||||
```
|
```
|
||||||
|
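Review bot: The changed sentence "the `kind 27235` event MUST be `base64` encoded" leaves open what exactly is encoded and with which alphabet. Say that it is the JSON serialization of the signed event, and whether standard or URL-safe base64, with or without padding, is expected, so that clients and servers do not disagree on parsing. The sentence also lacks a terminating period, and the context line above it would read better as "If any of the checks fails, the server SHOULD respond with a `401 Unauthorized` response code."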
@ -65,4 +65,4 @@ Authorization: Nostr eyJpZCI6ImZlOTY0ZTc1ODkwMzM2MGYyOGQ4NDI0ZDA5MmRhODQ5NGVkMjA
|
||||||
```
|
```
|
||||||
|
|
||||||
## Reference Implementations
|
## Reference Implementations
|
||||||
- C# ASP.NET `AuthenticationHandler` [NostrAuth.cs](https://gist.github.com/v0l/74346ae530896115bfe2504c8cd018d3)
|
- C# ASP.NET `AuthenticationHandler` [NostrAuth.cs](https://gist.github.com/v0l/74346ae530896115bfe2504c8cd018d3)
|
||||||
|
|