Do you envision passing app name and icon to auth_url? So that bunker could display them when asking for confirmation, and also in the list of connected apps? Or should those be part of create_account/connect requests?
Login to reply
Replies (1)
No, as those are trivially forgeable so I think it’s better to not even try to show them and just rely on the URL if there is one. Perhaps we could use the domain of the URL and use a NIP-05 _@domain to resolve to a pubkey if the flow is web-triggered.
There’s a callbackUrl that I forgot to document on the spec; I’ll write it up before I send the NIP PR