Comments (4)
`lnurl-auth` is only one request, it doesn't have the first request to fetch params from the server then another request that provides the server with actionable data. Instead the lnurl itself already contains query string `tag=login&k1=random-32byte-hex`. Wallet will see that and call the URL directly with query string params `tag=login`, `k1=...`, `key` and `sig`.
On the server side, once you use the `tag=login` to route the request to the appropriate handler, you then use `k1`, `key` and `sig` to verify the signature.
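```js
const secp256k1 = require("secp256k1")
// k1, sig and key arrive as hex strings in the query string; verify() takes Buffers
const hex = s => Buffer.from(s, "hex")
let signatureOk = secp256k1.verify(hex(k1), secp256k1.signatureImport(hex(sig)), hex(key))
if (signatureOk) {
  // bind the session identified by k1 to the wallet's public key
  activeSessions[k1] = key
}
```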
That example above supposes you have a super naïve object with the current active sessions (could be session cookies or any other form of session) and then you're assigning a pubkey to one of them, meaning that that session is now identified with a public key.
In reality you would probably keep these sessions on Redis or somewhere else. And if the application requires it (commonly) then create a user in a database with the given public key.
At https://etleneum.com/ I use the following approach:
- Once someone visits the site, they start listening to a Server-Sent Events (SSE) endpoint identified by a secret random string.
- At server-side, each secret is associated with a `k1`. That `k1` is used in the lnurl-auth QR code the user sees.
- If at any time the user scans the lnurl-auth QR code, the server backend knows what `k1` corresponds to each secret and sends a message over the SSE connection to that specific secret saying: "you're logged!!!!!!" and stores the secret temporarily as a login token on Redis.
- Once user gets the logged message it stores the secret on `localStorage` so next time it visits the site once it starts listening to the SSE using that same secret the server already knows it is logged and sends "you're logged already!!!!!!!!!!!!!! welcome back user !!!!!!!!!!!!!!!!!!!".
Please note my code still has some stupid bugs there.
from lnurl-node.
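The secret/`k1` bookkeeping described in the comment above, as an added example that is not code from lnurl-node or etleneum. The names `createLoginStore`, `verifySignature`, `onLogin` and the five-minute lifetime are assumptions; `verifySignature` stands in for a wrapper around the `secp256k1.verify` call shown in the comment, and `onLogin` is where the SSE message would be sent.

```javascript
const crypto = require("crypto")

// verifySignature(k1, sig, key) -> boolean and onLogin(secret, key) are supplied
// by the caller (hypothetical names; hex-string inputs are an assumption).
function createLoginStore(verifySignature, onLogin, ttlMs = 5 * 60 * 1000) {
  const pending = new Map()  // k1 -> { secret, expires }
  const loggedIn = new Map() // secret -> linking key (the login-token table)

  return {
    // Called when a browser opens its SSE stream: returns the k1 for the QR code.
    issueChallenge(secret, now = Date.now()) {
      const k1 = crypto.randomBytes(32).toString("hex")
      pending.set(k1, { secret, expires: now + ttlMs })
      return k1
    },

    // Called for the wallet's GET ...?tag=login&k1=...&sig=...&key=...
    // The return value is the JSON body sent back to the wallet, so it
    // never contains the browser's secret.
    handleCallback({ tag, k1, sig, key }, now = Date.now()) {
      if (tag !== "login") return { status: "ERROR", reason: "wrong tag" }
      const entry = pending.get(k1)
      // Only k1 values this server issued are accepted.
      if (!entry) return { status: "ERROR", reason: "unknown k1" }
      if (now > entry.expires) {
        pending.delete(k1)
        return { status: "ERROR", reason: "expired k1" }
      }
      if (!verifySignature(k1, sig, key)) {
        return { status: "ERROR", reason: "bad signature" }
      }
      pending.delete(k1)              // single use: a replayed callback fails
      loggedIn.set(entry.secret, key) // the secret now acts as a login token
      onLogin(entry.secret, key)      // e.g. push the message over SSE
      return { status: "OK" }
    },

    // Returns the linking key bound to a secret, or null if not logged in.
    whoIs(secret) {
      return loggedIn.get(secret) || null
    },
  }
}
```

A failed signature leaves the challenge pending so the wallet can retry until it expires; a successful login consumes it.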
Thank you for the additional information. What about logging out / de-authorizing a linkingKey?
from lnurl-node.
I've implemented the lnurl-login flow in this module, but I don't see how it is useful with either the current CLI or API. For this subprotocol to be useful, a session should be persisted to some datastore (in the case of CLI) or the API should allow the developer to listen for new successful logins.
from lnurl-node.
I didn't really look at how the module is organized, but it will be useful if some existing service could import it and use it to verify lnurl-login attempts (just verify the signature, in fact). That would be very useful for developers as no one understands signatures and public keys and so on in the webapp world.
from lnurl-node.