0 sats \ 4 replies \ @nerd2ninja 8 Mar 2023 \ parent \ on: Ask SN: When implementing LNURL-auth, do I have to check authenticity of k1? bitcoin
I think you generate a session ID after this authentication. (Which you have to make sure is not based on time or any other predictable mechanism)
Yes, but the server just responds with "OK" to the wallet. I don't respond to the browser on success.
So it's not obvious how to tell the browser about the session ID after authentication.
Edit: Mhh, I guess I can create a session ID and then return that session ID when the browser notices that the login was successful since I do polling.
Okay, that should work. Now my question sounds kind of dumb haha
reply
@k00b what do you do?
I think you would set the session ID before authentication, then after authentication remember that this session ID is authenticated now.
reply
I think you would set the session ID before authentication, then after authentication remember that this session ID is authenticated now.
Interesting
reply
He uses
next-auth
; that takes care of that in ways I didn't understand yet.But I think using that library is overkill for me (for now). I only want to support LNURL-auth.
Also, I like implementing stuff on my own first
(yes, I know about "don't roll your own crypto" haha)
reply