Skip to content

Add NIP-144: Service Authorization Protocol#2232

Open
btcjt wants to merge 1 commit intonostr-protocol:masterfrom
btcjt:nip144-service-authorization-clean
Open

Add NIP-144: Service Authorization Protocol#2232
btcjt wants to merge 1 commit intonostr-protocol:masterfrom
btcjt:nip144-service-authorization-clean

Conversation

@btcjt
Copy link

@btcjt btcjt commented Feb 23, 2026
edited
Loading

Summary

  • Introduces NIP-144, a protocol for authorizing third-party services to interact with a user's Nostr data without exposing their private key (nsec)
  • Defines a shared symmetric encryption key workflow between a principal (user) and a service, where the principal retains full control over authorization, key rotation, and revocation
  • The shared key grants encryption/decryption capability only — no signing authority — so a compromised service cannot impersonate the user

Motivation

Nostr-native applications increasingly need server-side services to handle sensitive data (payment credentials, encrypted configuration, etc.) on behalf of users. Sharing an nsec is unacceptable: it grants full signing authority, cannot be selectively revoked, and a single service compromise exposes every user. NIP-144 solves this with scoped, rotatable, revocable shared keys.

Design

  • Kind 31440 (Service Authorization): Addressable event published by the principal. Contains the shared key encrypted via NIP-44 ECDH to the service's pubkey. Supports optional a tag scoping to bind authorization to specific entities/datasets.
  • Kind 31441 (Service Authorization Acknowledgment): Addressable event published by the service confirming receipt. Contains a SHA-256 hash of the shared key as proof of possession.
  • Encryption format: Reuses NIP-44 v2 primitives (ChaCha20 + HMAC-SHA256 + HKDF) with the shared key used directly as conversation_key — no new cryptographic constructions.
  • Rotation: Principal publishes a new kind 31440 with the same d tag (addressable replacement).
  • Revocation: Kind 5 deletion or expired replacement; service must purge the key and delete its acknowledgment.
  • Optional NIP-98 notification: Principal can HTTP-notify the service of a new authorization for immediate pickup rather than waiting on relay subscriptions.

Test plan

  • Review NIP-144 spec for completeness and consistency with existing NIPs (especially NIP-44, NIP-46, NIP-98)
  • Verify event kind numbers 31440/31441 do not conflict with existing allocations
  • Validate encryption format description matches NIP-44 v2 primitives
  • Review security considerations section for completeness

@btcjt
Add NIP-144: Service Authorization Protocol
22d33ce 
Introduces a protocol for authorizing third-party services to interact
with a user's Nostr data without exposing their private key (nsec).

The protocol establishes a shared symmetric encryption key between a
principal (user) and a service, enabling the service to encrypt and
decrypt shared data while the principal retains full control over
authorization, key rotation, and revocation.

Key design points:
- Shared key grants encryption/decryption only — no signing authority
- Scoped authorizations via `a` tags to limit access per entity/dataset
- Key rotation and revocation without changing Nostr identity
- Reuses NIP-44 encryption primitives with shared key as conversation_key
- On-protocol acknowledgment (kind 31441) replaces off-protocol state
- Optional NIP-98 HTTP notification for immediate service pickup

Event kinds:
- 31440: Service Authorization (published by principal)
- 31441: Service Authorization Acknowledgment (published by service)
@btcjt btcjt force-pushed the nip144-service-authorization-clean branch from 9072888 to 22d33ce Compare February 23, 2026 18:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@btcjt