From cbcb49fdcfc4618f94e567686f3b5249d852039d Mon Sep 17 00:00:00 2001
From: Jon Staab <shtaab@gmail.com>
Date: Fri, 23 Feb 2024 08:15:54 -0800
Subject: [PATCH] Add `claim` tag to AUTH

---
 42.md | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/42.md b/42.md
index 8c70de49..9fb89c42 100644
--- a/42.md
+++ b/42.md
@@ -36,7 +36,17 @@ And, when sent by clients, the following form:
 
 ### Canonical authentication event
 
-The signed event is an ephemeral event not meant to be published or queried, it must be of `kind: 22242` and it should have at least two tags, one for the relay URL and one for the challenge string as received from the relay. Relays MUST exclude `kind: 22242` events from being broadcasted to any client. `created_at` should be the current time. Example:
+The signed event is an ephemeral event of `kind: 22242` and it should have at least two tags, one for the relay URL,
+and one containing evidence of access. This may be one of:
+
+- `challenge` - the challenge string recieved from the relay.
+- `claim` -  an arbitrary token exchanged out-of-band. Relays SHOULD store this authorization so that the `challenge`
+  method can be used in the future.
+
+Clients MUST NOT publish these events. Relays MUST exclude `kind: 22242` events from being broadcasted to any client.
+Relays MUST validate that `created_at` is the current time, adjusting for clock skew.
+
+Example:
 
 ```json
 {