Authentication & Identity System
pleb.school supports Nostr-first and OAuth-first accounts with a unified identity model.
Nostr-first providers
- NIP-07 browser extension login
- Anonymous login (server-generated keys)
- Recovery login
Nostr-first accounts use the Nostr profile as the source of truth and authenticate via NIP-98 signed events.
OAuth-first providers
- Email magic links
- GitHub OAuth
OAuth-first accounts use platform profile data and receive a server-managed Nostr keypair for protocol access. Keys are encrypted at rest.
Account linking
Users can link Nostr, GitHub, and email into one account. Linking Nostr upgrades the profile source to Nostr-first and syncs profile data from relays.
Anonymous security model
- Anonymous accounts use reconnect tokens (no private keys stored in the browser)
- Tokens rotate on every login
- Dual rate limits protect against abuse
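The rotate-on-every-login rule above, sketched as an added example (this is not pleb.school's own code). The token format `<accountId>.<secret>`, the SHA-256 hashing, the in-memory `Map` and all function names are assumptions made for illustration.

```javascript
// Added example: rotating reconnect tokens. Not pleb.school's implementation.
// Assumptions: token format "<accountId>.<secret>", SHA-256 hashing, in-memory store.
const { randomBytes, createHash, timingSafeEqual } = require("node:crypto");

// accountId -> SHA-256 digest (Buffer) of the currently valid token secret.
// Only the hash is kept server-side; the raw token lives in the browser.
const store = new Map();

const hashSecret = (secret) => createHash("sha256").update(secret, "utf8").digest();

// Mint a fresh token and overwrite the stored hash, which invalidates any older token.
function issueToken(accountId) {
  const secret = randomBytes(32).toString("base64url");
  store.set(accountId, hashSecret(secret));
  return `${accountId}.${secret}`;
}

// Verify a presented token; on success rotate it and return the replacement.
// Returns null for malformed, unknown, or already-used tokens.
function reconnect(token) {
  if (typeof token !== "string") return null;
  const dot = token.lastIndexOf("."); // base64url secrets never contain "."
  if (dot <= 0 || dot === token.length - 1) return null;
  const accountId = token.slice(0, dot);
  const expected = store.get(accountId);
  if (!expected) return null;
  // Both buffers are 32-byte digests, so timingSafeEqual cannot throw on length.
  if (!timingSafeEqual(hashSecret(token.slice(dot + 1)), expected)) return null;
  return { accountId, token: issueToken(accountId) };
}

// Walk through two logins and one replay using a constructed account id.
function demo() {
  const first = issueToken("anon-1");
  const login1 = reconnect(first);          // accepted, token rotated
  const replay = reconnect(first);          // old token is now rejected
  const login2 = reconnect(login1.token);   // rotated token is accepted
  return {
    rotated: login1.token !== first,
    replayRejected: replay === null,
    secondOk: login2 !== null && login2.accountId === "anon-1",
  };
}
```

Because only the hash is stored, a leaked database row cannot be presented as a token, and a token copied from the browser stops working after the next successful login.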
Admin controls
Auth providers are configured in config/auth.json. GitHub OAuth requires its client ID and client secret to be supplied as environment variables.
This system lets you reduce onboarding friction while preserving self-custody for Nostr-native users.