lightning-browser-extension icon indicating copy to clipboard operation
lightning-browser-extension copied to clipboard

Published 20 hours ago verified publisher icon getAlby

[Feature] Grant Nostr permissions to website

Open alexgleason opened this issue 2 years ago • 4 comments

Feature description

Currently Alby will prompt the user to sign Nostr events with a pop-up. The user can check "Remember my choice and don't ask again" for the entire website.

image

However, as a website developer, I want the ability to request specific permissions from Alby, for example:

[{
  scope: 'nostr.nip04.decrypt',
  filters: [{ kinds: [24133] }],
}, {
  scope: 'nostr.signEvent',
  filters: [{ kinds: [6, 7, 10002] }],
}, {
  scope: 'nostr.getPublicKey',
  filters: [] // ??? not sure about this
}]

Describe the solution

When I call the function from my website, Alby should prompt the user to accept the permissions. The user would have the ability the modify or disable any permissions before confirming.

For permissions that aren't granted, Alby would prompt with a pop-up as normal.

Describe alternatives

No response

Additional context

No response

Are you working on this?

None

alexgleason avatar Aug 26 '23 01:08 alexgleason

The thing I dislike most is that checking "Remember my choice" allows all permissions. Am I wrong? It's a binary choice between prompt everything and full permissions. I want to grant some permissions all the time, and I want it to always prompt for others.

alexgleason avatar Aug 26 '23 01:08 alexgleason

This is great feedback, thanks @alexgleason! I agree that it would make sense to have more granular control over which permissions you want to grant to websites.

Currently there are only permissions for the individual functions (e.g. getPublicKey, signEvent, encrypt, decrypt) but there is currently no way for a user to scope permissions to certain kinds. You can test it yourself over in this demo page:

https://codepen.io/reneaaron/pen/BavLBMe

However, as a website developer, I want the ability to request specific permissions from Alby, for example:

Currently you don't request any permissions beforehand (there is no spec for that, yet. I kind of like the idea though as it minimizes the number of permission requests users have to confirm). So whenever a website calls a certain window.nostr function, Alby would prompt you for this particular call.

What would you think about adding an option for users to restrict those permissions on a kind basis for a first step? (see screenshot)

image

cc @stackingsaunter

reneaaron avatar Sep 03 '23 21:09 reneaaron

@reneaaron maybe share with @alexgleason the dropdown you did?

stackingsaunter avatar Sep 11 '23 17:09 stackingsaunter

At the very least would be nice to have client auth as a separate event type to help address https://github.com/nostr-protocol/nips/issues/818

badonyx avatar Oct 13 '23 16:10 badonyx

Solved with the newest release

stackingsaunter avatar Mar 26 '24 01:03 stackingsaunter