HTTP auth (NIP 98) … is an interesting approach. So a user (somehow) authenticates their nsec with a web client (still haven’t fixed this part) and this client then lays an auth cookie in the user’s browser which can be validated by other clients? And what about when these other clients request “additional” permissions not covered by the cookie? Seems tricky to handle Nostr auth without actual live access (somehow) to the nsec for signing…?

GitHub

nips/98.md at master · nostr-protocol/nips

Nostr Implementation Possibilities. Contribute to nostr-protocol/nips development by creating an account on GitHub.

Yup i wrote this demo in js last year since there was only a C# sharp demo. There are actually 2 repos and it makes sense from the backend. Can also use nip42 auth afaik.

GitHub

GitHub - bitkarrot/NIP98-js-client: NIP98 client demo in vanilla js (API auth in another repo)

NIP98 client demo in vanilla js (API auth in another repo) - bitkarrot/NIP98-js-client

Legend.