Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ability to update offer #7

Open
sbddesign opened this issue Jun 3, 2024 · 2 comments
Open

Add ability to update offer #7

sbddesign opened this issue Jun 3, 2024 · 2 comments
Labels
enhancement New feature or request investigation

Comments

@sbddesign
Copy link
Contributor

sbddesign commented Jun 3, 2024

Ability to update the offer, which requires a way to authenticate the user. Probably rely on a signed message from the lightning node/wallet. A message is signed when username is created, then we expect a valid signature from the same pubkey in order to update the offer?

Another tricky thing is that if the lightning node/wallet changes, then you might want to change the offer still without having access to the original key. If I lose access to a lightning wallet (I hope not), I still want to own stephen and sbddesign.

@paulosacramento
Copy link
Contributor

paulosacramento commented Aug 31, 2024

I have been thinking a lot about this. VPN services that do not require user credentials for registration may be the best example of how to deal with this problem. All the other alternatives (email, lightning wallet, nostr, etc) seem not be suitable.

Mullvad's example can be followed here: during the registration process on Twelve Cash, an Secret Account Number could be generated. This Secret Account Number would act both as an identifier in the context of the Twelve Cash system and as a password for logging in and making changes.

As we can see in the screenshot below, it would also be very important to clearly communicate that this information should be kept private.
Screenshot 2024-08-31 at 16 54 31

@sbddesign
Copy link
Contributor Author

Yeah, a secret account number could be good. However, we have already implemented a Nostr login. So it seems to me like the lowest hanging fruit is just to require a login. @chdwlch and I have discussed email auth as well.

But I dunno, the secret number idea would be easy to implement. It's not a bad idea. Hmm.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request investigation
Projects
None yet
Development

No branches or pull requests

2 participants