You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Four findings, all real:
1. extractIssuer didn't handle JSON-LD array shape (line 617).
Profiles emitting `oidcIssuer: [{"@id":"..."}]` were treated as
having no issuer. Now normalizes through asArray-like logic and
takes the first usable entry.
2. The "pick a new fragment" suggestion in the merge error was
useless because the fragment was hard-coded. Replaced
refuse-to-clobber with auto-pick: walk lws-key-1..99 and choose
the first slot that's either unused or already holds the SAME
public key (idempotent re-run). Different key on lws-key-1 →
automatically lands at lws-key-2; same key → lands on lws-key-1
for idempotence. Verified in both scenarios.
3. README said "Nostr nsec hex" — but nsec is bech32 (`nsec1…`),
not hex. Reworded to "64 hex chars (the raw 32-byte key behind
your nsec1…)" so users don't paste bech32 and hit a confusing
"not a hex string" error.
4. Same wording in index.html, plus the input label/hint clarified.
Copy file name to clipboardExpand all lines: README.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -24,7 +24,7 @@ Read-only — no auth, no mutations, no server roundtrip beyond the GETs.
24
24
25
25
**2. Nostr verification-method generator** — reads your Nostr pubkey from a [NIP-07](https://github.com/nostr-protocol/nips/blob/master/07.md) signer (e.g. [xlogin](https://xlogin.solid.social/)), encodes it per [did:nostr](https://nostrcg.github.io/did-nostr/)'s Multikey recipe, and emits a copyable JSON snippet to add to your profile. No keys leave your browser.
26
26
27
-
**3. Strict [LWS10-CID](https://www.w3.org/TR/2026/WD-lws10-authn-ssi-cid-20260423/) auth client** — sign in to your pod via Solid-OIDC (using the [`solid-oidc`](https://www.npmjs.com/package/solid-oidc) package), paste a secp256k1 private key (your Nostr nsec hex works — same key, different signature scheme), and the doctor adds a `JsonWebKey` VM to your profile (read-modify-write via authenticated GET + PUT) and signs an LWS10-CID JWT with `alg: ES256K` to authenticate end-to-end. Pairs with the [JSS server-side verifier](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/pull/398). Privkey is held in memory for the tab only.
27
+
**3. Strict [LWS10-CID](https://www.w3.org/TR/2026/WD-lws10-authn-ssi-cid-20260423/) auth client** — sign in to your pod via Solid-OIDC (using the [`solid-oidc`](https://www.npmjs.com/package/solid-oidc) package), paste a secp256k1 private key as 64 hex chars (the raw 32-byte key behind your Nostr `nsec1…` bech32 — same key, different signature scheme), and the doctor adds a `JsonWebKey` VM to your profile (read-modify-write via authenticated GET + PUT) and signs an LWS10-CID JWT with `alg: ES256K` to authenticate end-to-end. Pairs with the [JSS server-side verifier](https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/pull/398). Privkey is held in memory for the tab only.
0 commit comments