|
|
Add comprehensive NIP-98 authentication support following the standard
gRPC credentials.PerRPCCredentials pattern.
Client-side:
- NostrCredentials implements PerRPCCredentials interface
- Automatically signs each request with kind 27235 event
- Drop-in replacement for OAuth2/JWT in gRPC clients
Server-side:
- Unary and stream interceptors for validation
- Extracts and validates NIP-98 events from Authorization headers
- Configurable options (timestamp window, whitelists, skip methods)
- Adds authenticated pubkey to request context
Security features:
- Replay protection via timestamp validation
- Optional payload hash verification
- Signature verification using schnorr
- TLS requirement option
Includes comprehensive test coverage and detailed README with
usage examples and security considerations.
|
