Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Push Notifications: Device token authentication NIP-98 #1701

Closed
2 tasks
alltheseas opened this issue Nov 13, 2023 · 3 comments
Closed
2 tasks

Push Notifications: Device token authentication NIP-98 #1701

alltheseas opened this issue Nov 13, 2023 · 3 comments
Assignees
@danieldaquino
Labels
enhancement Improvement NIP notifications push-notifications
Milestone
1.9 "it just work...

Comments

@alltheseas
Copy link
Collaborator

alltheseas commented Nov 13, 2023
edited by danieldaquino

Builds on #67

For push notifications to work, we need the client device's random device token given by Apple.

As of writing, strfry-push-notify uses a simple HTTPS endpoint to receive the device tokens and the corresponding pubkey.

Currently all relay notes are public so it is not much of a concern. However, when DM authentication on the relays is implemented, we need to ensure only the true holder of a pubkey is allowed to register their device token, so as to avoid leaking DM metadata.

Acceptance criteria:

  • Only the true holder of the private key is allowed to associate a device token with their pubkey.
  • We should also put some thought into hardening security (e.g. putting a timestamp or some info in the signed message to prevent replay attacks, etc)
@alltheseas alltheseas added this to the Push Notifications milestone Nov 13, 2023
@danieldaquino danieldaquino changed the title Push Notifications: Follow-on #1 Push Notifications: Device token authentication Nov 13, 2023
@alltheseas alltheseas mentioned this issue Nov 13, 2023
Closed
@danieldaquino
Copy link
Contributor

Note: We wrote some code for NIP-98 authentication during #1809. We can probably push that to https://github.com/jb55/nostr-js and reuse it for this server.

@jb55 jb55 mentioned this issue May 7, 2024
Open
6 tasks
@alltheseas alltheseas changed the title Push Notifications: Device token authentication Push Notifications: Device token authentication NIP-98 May 20, 2024
@alltheseas alltheseas added the NIP label May 20, 2024
@alltheseas
Copy link
Collaborator Author

@danieldaquino advises: has non-optimal solution

@danieldaquino
Copy link
Contributor

This will be resolved alongside #1704. Patch sent: https://groups.google.com/a/damus.io/g/patches/c/9roECAoeZBk

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@danieldaquino danieldaquino

Labels
enhancement Improvement NIP notifications push-notifications
Projects
Damus Roadmap 🛣️
Status: In Review
Milestone
1.9 "it just works" + highlights + bo...
Development

No branches or pull requests
2 participants
@danieldaquino @alltheseas