pull down to refresh

How Does Lightning Authentication Work?
307 sats \ 3 comments \ @spiderman 6 Oct bitcoin_beginners

So, I always understood lightning as an L2 payment protocol (eventually swapped out to L1 Sats), but did not know it is also an authentication protocol (like OAuth2). But some websites (like Predyx) are giving me the option to log in with lightning.

Is there a relatively laymen friendly explanation of

  • How it works internally, as in how does it identify a specific user, in the absence of any primary key like email address?
  • What apps do I need to use it? I scanned the QR code for lightning sign up, and my phone says no app found, even though I have the Blockstream Green that can send and receive lightning sats. Do I need something else?
write
preview
related posts
121 sats \ 2 replies \ @grimtechnet 6 Oct

I was wondering the same thing so I looked it up.

Any website/app can implement LNURL-auth, the spec for it is here https://github.com/lnurl/luds/blob/luds/04.md

The auth works like this. Instead of taking the traditional username/password, LNURL-auth uses key based login. The user has to prove they control a domain-specific linkingKey derived from their wallet seed.

The procedure goes like this

  1. LNURL-auth uses a keypair called a linkingKey, which is derived from a combination of your master seed, and the domain name that you're logging into.
  2. The website sends a challenge to you, which contains a random string.
  3. Your wallet signs the challenge using it's private linkingKey, and sends it back to the website.
  4. The website can check the signed challenge and verify that it matches the public linkingKey. If it matches, it knows you're in control of the private linkingKey.

So to answer your questions directly,

  1. Instead of an e-mail primary key, LNURL-auth uses the linkingKey as the unique user identifier.
  2. Compatible wallets are listed in the table following the text, "Auth base spec." https://github.com/lnurl/luds/tree/luds#lnurl-documents
reply
0 sats \ 1 reply \ @spiderman OP 6 Oct

Thanks for the explanation, sounds like Nostr then, basically those linkingKeys acting like like npub. Wonder whichever server chooses that method for sign in why do not they fall back on nostr? Or is this emerging as a competitor to nostr itself?

reply
21 sats \ 0 replies \ @grimtechnet 6 Oct

Nostr gives you an identity on a separate system. With LNURL-auth, the lightning wallet is the identity. I'd call that a competitor to parts of Nostr. Nostr NIP-98 maybe. But it's probably not a competitor to Nostr NIP-46 which most websites use to auth via Nostr. But it does win against Nostr NIP-26 which was essentially abandoned.

reply