[Podcast] Add support for LSAT for HTTP requests #1010
Comments
|
Thanks for opening the issue @bumi 🙏 |
|
I think this must work without any adjustment on the value tag. Initially I thought of it completely independent (and it could be independent). (with an invoice the server would typically simply check the payment hash and does not need a node connection.) |
|
My idea is simple: keysend works (at least in lnd, need to verify cln) by creating an invoice on-the-fly. It returns a preimage. We need to use the preimage that keysend returns and send it back in LSAT. However, we need to know which preimage from the splits to use, hence - a need for a marker in the split. Just an optional tag on one of the splits will do. It's backward compatible and shouldn't break anything. |
|
What will the server use to lookup the invoice and validate the payment? (The nice thing about the invoice is that the server does not need to connect to a node to do the validation - the preimage + the payment hash from the invoice is enough) |
|
There's still a preimage. The only difference from a regular invoice is that the invoice is created on-the-fly when the payee receives the keysend. If you don't want to ask the node to validate, I can think of several solutions like sharing the hashes with the server prior to the payment or at settlement. |
|
|
Which hash would the server use in the macaroon in the first step of the LSAT handshake? Would it need to return a macaroon at all, or would the first step even be skipped completely? Would the client just request the file with the preimage in the header without any macaroon? My main problem with trying to make keysend fit into LSAT we would be throwing away the central idea of LSAT, namely the cryptographic link between invoice and macaroon. |
|
The LSAT can contain the specific split that should be used. |
|
But which hash should the server use in the macaroon? See https://lsat.tech/macaroons . Using keysend would throw away the central idea of LSAT. The server would also need to store state to keep track of which preimages have been used for which files and check each request against this database, a pretty ugly setup in my eyes. |
|
Why does the server need a state? It can just delegate the validation to the node. |
|
I have attached a diagram that can illustrate how we could change the flow to support keysend payments. Instead of an invoice the first call would return the node id for which the client would need to send over payment "proof" in the second part of the handshake. The macaroon in the first step would also not contain a payment hash. For the client there wouldn't be that many differences, however the validating server would need to hash the preimage and then look up the payment with the node using the payment hash. |
|
LGTM!
|
LSAT is a HTTP based authentication scheme that defines a protocol to exchange lightning payment information on the HTTP level. It is intended to communicate a payment request from the server to the client and to allow the client to authenticate requests using the lightning payment information (preimage).
Thanks to the protocol client and server do not need to know of each other before the request and payments an be incorporated in the HTTP request flow (for the feed and episode files)
This protocol fits perfectly for the podcasting world where a player talks to various hosters and requests the feed and the episode files through HTTP.
Adding support for LSAT gives podcasters an additional monetization option.
It is an open, flexible alternative for example for some podcasters publishing special episodes on tools like patreon or provide special private RSS feeds to a paying user community.
Using LSAT this can be handled with the normal feed and gives the user the choice within the player (no need to go to third-party apps like Patreon before hand)
Simple example flow (sorry for the lazy diagram):
(user could configure to prefer the payment authenticate content per podcast or globally)
client ---> HTTP request indicating LSAT support ----> server
client <--- 402 status code with a payment request <--- server
(user could be prompted here, or a config option could allow auto payments like in the streams)
client ---> HTTP request with payment proof ---> server
client <--- actual requested resource <--- server
(client stores the authentication details for future requests)
If a client does not support LSAT the server simply returns the public response, but if the client supports LSAT (indicating this with the
Accept-Authenticate: LSATHTTP header) the server returns an authenticate response.Here is an example JavaScript implementation to handle the LSAT handshake with
fetch()and useweblnto send the payment: https://github.com/getAlby/alby-tools/blob/master/src/lsat/fetch.jsOpen for discussion:
Links
The text was updated successfully, but these errors were encountered: