HTTP Schnorr Signature Authentication #115
Description
Motivation
Millions of users already have secp256k1 cryptographic keys. This proposal lets them authenticate to Solid pods instantly - no account creation, no passwords, no redirect flows.
📸 Login page with Schnorr SSO:
🎥 See it in action: https://youtube.com/watch?v=wlADHzVNcvM
What is it?
- HTTP Schnorr Auth - Authentication using BIP-340 Schnorr signatures
- did:nostr - A self-certifying DID method (one compatible identity format)
Users authenticate with browser extensions - one click, no passwords.
4-Phase Roadmap
| Phase | Description | Status |
|---|---|---|
| Phase 1 | DID identities in ACLs + Schnorr signature verification | ✅ Complete |
| Phase 2 | SSO "Sign in with Schnorr" button on login page | Planned |
| Phase 3 | Linked identities (WebID ↔ DID) | Planned |
| Phase 4 | Global DID resolver integration | Planned |
Implementation
Since Pivot is based on CSS, the implementation uses NostrCredentialsExtractor - a clean addition to the existing credential extraction chain.
Specifications
- http-schnorr-auth v0.0.1 - HTTP authentication spec
- did:nostr v0.0.10 - Compatible DID method
Test Suite
10 test vectors: https://github.com/nostrcg/http-schnorr-auth/tree/gh-pages/test-vectors
Related Work
- NSS implementation: HTTP Schnorr Signature Authentication nodeSolidServer/node-solid-server#1845
- Working implementations also exist for CSS and JSS
- This represents 2 years of development and testing
Background
This work has been encouraged in discussions with the Pivot maintainers.
Phase Issues
- Phase 1: To be submitted and linked to this issue