I was wondering about that. That’s good to know. I have been reading NIP-57. I understand the allowsNostr for the lnurl pay request url, but was unsure why the pubkey was needed.

In the callback, the zap request is passed in as a nostr query value, signed so you have the zap requestor pubkey there.

Anyway, I hope to implement in https://asats.io but it’s taking me awhile to get my head wrapped around the spec.