highperfocused/nips
1
0
Fork 0
mirror of https://github.com/nostr-protocol/nips.git synced 2025-03-25 17:21:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge 1853f186bb8d62e9b20d0bdf3587e8b9b55c44dc into 0619f370bca3485bb9c5870bc2defa03c7c3d10e

Browse Source
This commit is contained in:
Vitor Pamplona 2025-03-20 11:51:41 +08:00 committed by GitHub
commit 6a3243aded
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
42.md
View File

@ -6,7 +6,7 @@ Authentication of clients to relays
`draft` `optional`
This NIP defines a way for clients to authenticate to relays by signing an ephemeral event.
This NIP defines a way for clients to authenticate to relays by signing an ephemeral event and a way to specify which events are protected and MUST require authentication to be served.
## Motivation
@ -18,6 +18,42 @@ A relay may want to require clients to authenticate to access restricted resourc
## Definitions
### New field to identify protected events
Clients that want to force an authentication in any event can add a `requires_auth_by` with array of authorized pubkeys to the base event object.
Relays MUST authenticate connections with at least one of the pubkeys listed in `requires_auth_by` to return events.
```jsonc
{
"id": <32-bytes lowercase hex-encoded sha256 of the serialized event data>,
"pubkey": <32-bytes lowercase hex-encoded public key of the event creator>,
"requires_auth_by" [<32-bytes lowercase hex-encoded public key>, /* ... */ ],
"created_at": <unix timestamp in seconds>,
"kind": <integer between 0 and 65535>,
"tags": [
[<arbitrary string>...],
// ...
],
"content": <arbitrary string>,
"sig": <64-bytes lowercase hex of the signature of the sha256 hash of the serialized event data, which is the same as the "id" field>
}
```
NIP-42 supporting relays must then include the `requires_auth_by` field as the 7th position in the serialization of the event. This guarantees that relays and clients that do not support this NIP cannot validate protected events and will never be able to receive them, avoiding leaking the event structure to a public relay.
```js
[
0,
<pubkey, as a lowercase hex string>,
<created_at, as a number>,
<kind, as a number>,
<tags, as an array of arrays of non-null strings>,
<content, as a string>,
<requires_auth_by, as an array of non-null strings>
]
```
### New client-relay protocol messages
This NIP defines a new message, `AUTH`, which relays CAN send when they support authentication and clients can send to relays when they want to authenticate. When sent by relays the message has the following form: