How we could solve the multi-nostr-keys issue
In a previous story, I talked about the kind of problem we have because we allow users to link multiple nostr keys to their profiles. Here is the link: Better ways to handle linking multiple nostr keys
In this post, I'll explore a possible solution that could solve the problem.
Please read it and let me know if you have any feedback or suggestions.
The "Usage" flow
Here's what the flow will look like when the user wants to link and use a new nostr key:
- From a component that will USE the key (e.g. Commenting section):
  - User clicks "Connect Nostr Key"
  - He chooses a method (generated keys, NIP-07, etc.)
  - We send an API request to associate this pubkey with the user (un-verified)
  - We create a "use-nostr-key" object in localStorage that contains this nostr key's metadata
Verifying a key
This means that the user will prove that a certain pubkey that he linked on another device belongs to him.
The user will either verify an existing key or he will add a key that he hasn't used before.
But the steps are similar.
In the user's profile nostr settings:
- We display a list of keys that the user connected to on DIFFERENT DEVICES
- And we display a "Link new key" button at the bottom
- The user clicks a 'verify' button next to some key
- The user will need to sign some text using the prvkey of this pubkey to verify that this pubkey belongs to him
- Currently, the only way he can verify this key is with an extension, but what if his key was created and is stored by another nostr client?
The options we could have are:
1- Use an extension
2- Input the prvkey to just sign the message now, but it won't be stored in the DB or sent to the server or anything.
3- Give the user some text and ask him to:
  - Copy it
  - Publish it from his external nostr client
  - Copy the published event id
  - Paste it in bolt.fun alongside some relay URL that we can expect to find this event on.
  - We try to fetch this event and verify the signature
While the third option could work, it involves too many steps and requires a lot of back and forth from the user. And honestly, I'm not sure if we should implement it or not.
But anyways...
After the user verifies a key, he can mark it as his "Primary Nostr Profile"
Meaning it will be the profile that:
- Appears on his public profile page
- People can send him DMs to
- Receives BOLT.FUN notifications
- People will use to mention him
- People will use to "Follow" him
- Will be included in his BOLT.FUN stories' nostr events (published by BOLT.FUN)
All his other verified but NOT primary keys will be used to replace his nostr mentions in the platform with his BOLT.FUN profile.
So his nostr comments for example will include his BF profile link.
And I'm not sure if we should display his verified but NOT primary keys on his public profile as well.
So, what's your feedback on all the above?