Add authorize by payment

ArjenStens 2024-11-22 09:07:08 +00:00
parent f3244a0903
commit eebf1f0446

17
42.md

@ -23,7 +23,16 @@ A relay may want to require clients to authenticate to access restricted resourc
This NIP defines a new message, `AUTH`, which relays CAN send when they support authentication and clients can send to relays when they want to authenticate. When sent by relays the message has the following form: This NIP defines a new message, `AUTH`, which relays CAN send when they support authentication and clients can send to relays when they want to authenticate. When sent by relays the message has the following form:
``` ```
["AUTH", <challenge-string>] ["AUTH", <challenge-string>, <payment-request>]
```
- `<payment-request>` (optional) is a Cashu [NUT-18](https://github.com/cashubtc/nuts/blob/main/18.md) payment request. Its transports field must include at least the following transport method:
```json
{
"type" : "nostr",
"target" : "",
"tags" : [ [ "n", "42" ] ]
}
``` ```
And, when sent by clients, the following form: And, when sent by clients, the following form:
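Review bot: The required transport object in the new `<payment-request>` bullet has `"target" : ""`, and nothing says whether the empty string is intentional or a placeholder the relay must fill in. Since the payment travels back in the `AUTH` event itself, state explicitly what a client should do with `target` (ignore it, or expect a specific value), and what `[ "n", "42" ]` signals to the client. The bullet also uses lowercase "must" where the rest of the NIP uses normative "MUST", and it does not say what a relay does when `<payment-request>` was sent but the client authenticates without paying.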
@ -32,7 +41,7 @@ And, when sent by clients, the following form:
["AUTH", <signed-event-json>] ["AUTH", <signed-event-json>]
``` ```
`AUTH` messages sent by clients MUST be answered with an `OK` message, like any `EVENT` message. - `AUTH` messages sent by clients MUST be answered with an `OK` message, like any `EVENT` message.
### Canonical authentication event ### Canonical authentication event
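Review bot: The only change here is a leading `- ` on the "`AUTH` messages sent by clients MUST be answered with an `OK` message" sentence, which turns a standalone paragraph into a one-item list. That looks unrelated to payment authorization and is probably an editing slip; drop it from this commit, or if a list is intended, add the other items it belongs with.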
@ -45,10 +54,13 @@ The signed event is an ephemeral event not meant to be published or queried, it
["relay", "wss://relay.example.com/"], ["relay", "wss://relay.example.com/"],
["challenge", "challengestringhere"] ["challenge", "challengestringhere"]
], ],
"content": "<payment>"
// other fields... // other fields...
} }
``` ```
`<payment>` (optional) is only to be filled as a response to a [NUT-18](https://github.com/cashubtc/nuts/blob/main/18.md) `<payment-request>`. It must be a valid [NUT-00](https://github.com/cashubtc/nuts/blob/main/00.md#03---methods) cashu token.
### `OK` and `CLOSED` machine-readable prefixes ### `OK` and `CLOSED` machine-readable prefixes
This NIP defines two new prefixes that can be used in `OK` (in response to event writes by clients) and `CLOSED` (in response to rejected subscriptions by clients): This NIP defines two new prefixes that can be used in `OK` (in response to event writes by clients) and `CLOSED` (in response to rejected subscriptions by clients):
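Review bot: The `<payment>` definition only requires "a valid NUT-00 cashu token" and never ties the token to the `<payment-request>` it answers. Require that the token satisfies the request the relay sent (amount, unit and accepted mints as given in that request), otherwise any valid token of any value meets the wording. Two smaller points in the same hunk: the added `"content": "<payment>"` line has no trailing comma before `// other fields...`, unlike the `],` above it, and "must" should be "MUST" to match the rest of the document.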
@ -103,3 +115,4 @@ To verify `AUTH` messages, relays must ensure:
- that the `"challenge"` tag matches the challenge sent before; - that the `"challenge"` tag matches the challenge sent before;
- that the `"relay"` tag matches the relay URL: - that the `"relay"` tag matches the relay URL:
- URL normalization techniques can be applied. For most cases just checking if the domain name is correct should be enough. - URL normalization techniques can be applied. For most cases just checking if the domain name is correct should be enough.
- that the `content` field (if present) contains a valid, unspent cashu token.
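Review bot: The new verification bullet asks the relay to check that the token is "valid, unspent" but not to claim it, so a token that passes the check can still be spent elsewhere after the relay has answered `OK`. Reword it so the relay redeems the token with the mint before accepting the `AUTH`, and treats a failed redemption as a failed authentication. "(if present)" also leaves open the case where a `<payment-request>` was sent and `content` is empty; say whether that is a rejection, and which `OK` prefix the relay should use for a missing or rejected payment, since the prefixes section above defines none for it.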