I’m not gonna lie, but this has me even more excited for (or than) #nostr #safebox.
#nauth came out of a problem I had to solve for nosfabrica, where I wanted the patient to be on totally equal footing to the physician (both as #nostr #safebox users). Either the patient or the physician could have a crappy display or camera, so I wanted either to be able to initiate the transaction. For example, a physician could be using a beat-up laptop with no camera, or a patient could be unable to display a QR with their crappy phone. Either party should (and can!) initiate the authentication.
The beauty of #nostr is that the protocol is cryptographic at its core, so you can dispense with an intervening authentication/authorization server, so I built the protocol on that premise, plus ensuring the egalitarianism of both parties.
It took a few weeks of research, experimenting, and prototyping, but I got it to work. I also put my finger on the hidden centralizing factor of the current solutions: #oauth and its reliance on (fundamentally non-cryptographic) authorization servers. Sure, #oauth uses TLS but that is just lipstick on a tunnel, not the payload.
Onward!