reply on: Ask SN: When implementing LNURL-auth, do I have to check authenticity of k1? \ stacker news ~bitcoin

pull down to refresh

0 sats \ 4 replies \ @nerd2ninja 8 Mar 2023 \ parent \ on: Ask SN: When implementing LNURL-auth, do I have to check authenticity of k1? bitcoin

I think you generate a session ID after this authentication. (Which you have to make sure is not based on time or any other predictable mechanism)

0 sats \ 3 replies \ @ek OP 8 Mar 2023

Yes, but the server just responds with "OK" to the wallet. I don't respond to the browser on success.

So it's not obvious how to tell the browser about the session ID after authentication.

Edit: Mhh, I guess I can create a session ID and then return that session ID when the browser notices that the login was successful since I do polling.

Okay, that should work. Now my question sounds kind of dumb haha

0 sats \ 2 replies \ @nerd2ninja 8 Mar 2023

@k00b what do you do?

I think you would set the session ID before authentication, then after authentication remember that this session ID is authenticated now.

15 sats \ 0 replies \ @ek OP 8 Mar 2023

He uses next-auth; that takes care of that in ways I didn't understand yet.

But I think using that library is overkill for me (for now). I only want to support LNURL-auth.

Also, I like implementing stuff on my own first
(yes, I know about "don't roll your own crypto" haha)

0 sats \ 0 replies \ @ek OP 8 Mar 2023

I think you would set the session ID before authentication, then after authentication remember that this session ID is authenticated now.

Interesting