Client App Registration
Before you start using UMA Auth in your client application, you must complete a few steps to register it:
- Generate Nostr Identity keypair
- Publish registration event
- Verify your app's identity
We have provided a simple CLI tool that makes it easy to complete these steps.
An application using UMA Auth has a single Nostr keypair known as the "identity keypair". Note that this keypair is the same for all users of your application. To generate your identity keypair, install the CLI tool and run:
$ uma-auth-cli generate-key
This will generate and print a new keypair in bech32 and hex format. Store the secret key as you would any other secret in your system; it is what signs your app's registration event.
Next, publish the Nostr app registration event (kind 13195), using the CLI tool again with the keypair generated above.
$ uma-auth-cli publish \
    --nsec nsec1mqxnulkqkcv0gc0dfrxz5kz7d3h665ve2dhjkrj8jmmxwm4st2zsjv2n5l \
    --relay wss://nos.lol --relay wss://relay.primal.net \
    --redirect-uri https://foo.test --redirect-uri https://foo.test/callback \
    --image https://foo.com/image.png \
    --nip05 _@foo.com \
    --name "Test CLI" \
    --description "A test client app"
The options are:
- --nsec: Secret key of the identity keypair generated above, used to sign the registration event (in bech32 or hex format).
- --relay: The relays to which the registration event will be published. It is recommended to select public, well-known and reputable relays for the app registration event for better visibility. The relays mentioned here are a good starting point, but you can also check out the most active relays at https://nostr.info/relays/
- --redirect-uri: Allowed OAuth redirect URIs for the client application. These must match the redirect URI specified in the OAuth authorization request.
- --image: URL of the client app's logo image, used in the permissions page.
- --nip05: NIP-05 address of the client app (see below for more information), used in the permissions page.
- --name: Name of the client app, used in the permissions page.
- --description: Description of the client app, used in the permissions page.
This will create a registration event containing the application name, description, image, redirect URIs and NIP-05 address, sign it with the provided secret key and publish it to the specified relays.
Finally, you should verify your app's identity using NIP-05. This binds your domain to the Nostr public key and proves that the signer of the 13195 event also owns the domain specified in that event. For complete details, see the NIP-05 specification.
On your app's domain, create a file at /.well-known/nostr.json with the following content, where the value of "_" is your identity keypair's public key in hex format:
{
  "names": {
    "_": "8ee0df27b60f419181f1d5acfc68292e52915273a12da9825542dcb10e9fd24c"
  }
}
Note: this domain must match the NIP-05 address domain published in the app registration event.
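The check a verifier applies to this file can be run locally before you publish, shown here as an added example (not code from UMA or from the CLI tool). The function names and the constructed sample bodies are assumptions; the URL form and the hex-key requirement follow NIP-05.

```python
import json
import re

HEX_PUBKEY = re.compile(r"[0-9a-f]{64}")   # NIP-05 keys are hex, never npub
LOCAL_PART = re.compile(r"[a-z0-9._-]+")   # characters NIP-05 allows in a name

def nip05_url(address):
    """URL a verifier fetches to resolve a NIP-05 address such as _@foo.com."""
    local, sep, domain = address.lower().partition("@")
    if not sep or not domain or not LOCAL_PART.fullmatch(local):
        raise ValueError(f"malformed NIP-05 address: {address!r}")
    return f"https://{domain}/.well-known/nostr.json?name={local}"

def check_binding(address, signer_hex, served_domain, body):
    """Return the list of problems found; an empty list means it verifies."""
    local, _, domain = address.lower().partition("@")
    problems = []
    if domain != served_domain.lower():
        problems.append("file domain differs from the NIP-05 address domain")
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        return problems + [f"nostr.json is not valid JSON: {exc.msg}"]
    names = doc.get("names") if isinstance(doc, dict) else None
    entry = names.get(local) if isinstance(names, dict) else None
    if entry is None:
        problems.append(f"no entry for name {local!r}")
    elif not isinstance(entry, str) or not HEX_PUBKEY.fullmatch(entry):
        problems.append("pubkey is not 64-character lowercase hex")
    elif entry != signer_hex.lower():
        problems.append("pubkey differs from the registration event signer")
    return problems

# Constructed sample inputs; the pubkey is the example value from this page.
PUBKEY = "8ee0df27b60f419181f1d5acfc68292e52915273a12da9825542dcb10e9fd24c"
GOOD = json.dumps({"names": {"_": PUBKEY}})
WITH_COMMENT = '{"names": {\n// identity pubkey\n"_": "%s"}}' % PUBKEY
BECH32_KEY = json.dumps({"names": {"_": "npub1constructedplaceholder"}})

if __name__ == "__main__":
    print(nip05_url("_@foo.com"))
    for label, body in [("good", GOOD), ("comment", WITH_COMMENT),
                        ("bech32", BECH32_KEY)]:
        print(label, check_binding("_@foo.com", PUBKEY, "foo.com", body))
```

The two failing samples cover the mistakes most likely to break verification: a comment left inside the JSON file, and a bech32 key pasted where the hex form is required.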