Skip to content

fix: restrict NIP-42 AUTH to trusted relays only#207

Merged
barrydeen merged 1 commit intomainfrom
fix/nip42-auth-trusted-relays
Mar 11, 2026
Merged

fix: restrict NIP-42 AUTH to trusted relays only#207
barrydeen merged 1 commit intomainfrom
fix/nip42-auth-trusted-relays

Conversation

@barrydeen
Copy link
Copy Markdown
Owner

@barrydeen barrydeen commented Mar 11, 2026

Summary

  • Three-tier AUTH policy: auto-sign for user's own relays (pinned + DM), prompt user for recipient DM delivery relays, silently discard AUTH challenges from all other relays (outbox, scored, hint, random ephemeral)
  • Per-relay auth toggle in relay settings (on by default) so users can opt out of AUTH on specific relays while still reading/writing to them
  • New AuthApprovalDialog prompts when a DM delivery relay requests authentication, with session-scoped approval memory

Test plan

  • Verify AUTH auto-signs for user's own pinned and DM relays
  • Verify AUTH challenges from scored/outbox/random ephemeral relays are silently discarded (check logcat for "AUTH challenge discarded" messages)
  • Send a DM to a recipient whose DM relay requires AUTH — verify approval dialog appears
  • After approving, verify no re-prompt on reconnect within same session
  • Toggle auth off for a relay in settings — verify AUTH challenges are rejected for that relay
  • Verify existing relay configs deserialize correctly (new auth field defaults to true)

@barrydeen
fix: restrict NIP-42 AUTH to trusted relays only
85eb84d 
Three-tier AUTH policy: auto-sign for user's own relays (pinned + DM),
prompt for recipient DM delivery relays, silently discard for everything
else. Add per-relay auth toggle in relay settings (on by default).
@barrydeen barrydeen merged commit f9e169e into main Mar 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@barrydeen