1.1 KiB
NIP-97
Nostr Login
draft
optional
This NIP defines a method for a way for users to prove to apps that they control a certain private key. This can be used to enable login for services like the management panel of image hosts.
Login URI
A login URI is defined of the format nostr+login:<domain>:<identifier>
where domain
MUST be a valid DNS domain or .onion service. The identifier
MUST only consist of A-Z a-z 0-9 _ - .
.
This login URI can be presented as a clickable link, a QR code or a copyable string.
Login process
A client that wishes to log in to a service SHOULD display the domain associated with the service to the end user before allowing them to log in to prevent services showing a login string for another service.
After the user approves the login, the client should send a POST request to /.well-known/nostr-login
to the domain
with the i
query parameter set to the identifier
and a valid NIP-98 authentication header present.
HTTPS should always be used except for .onion
services, which should be contacted using HTTP.
Clients MAY or MAY NOT decide to implement support for .onion
services.