You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As I'm reviewing lnurl-pay implementations in advance of developing my own, I find that the "invoices" macaroon is not so useful without info permissions. Fundamentally, a LNURL-pay server ought to know
that the node is synced to chain / available
the node pubkey
???
Anyway, while searching I found that this topic was brought up many years ago here: #2236 and closed with the suggestion that the gRPC client should be given two separate macaroons.
This is difficult in practice, not least of which because most (all?) libraries do not discriminate based on endpoint, and it is then up to the client to track which macaroons have which permissions and go with which gRPC calls.
Yes, I understand that a custom macaroon could be baked, but given the (hopefully increasing) popularity of LNURL-pay, lightning address, etc., it would be nice to add this permission to the invoice macaroon by default.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
As I'm reviewing lnurl-pay implementations in advance of developing my own, I find that the "invoices" macaroon is not so useful without info permissions. Fundamentally, a LNURL-pay server ought to know
Anyway, while searching I found that this topic was brought up many years ago here: #2236 and closed with the suggestion that the gRPC client should be given two separate macaroons.
This is difficult in practice, not least of which because most (all?) libraries do not discriminate based on endpoint, and it is then up to the client to track which macaroons have which permissions and go with which gRPC calls.
Yes, I understand that a custom macaroon could be baked, but given the (hopefully increasing) popularity of LNURL-pay, lightning address, etc., it would be nice to add this permission to the invoice macaroon by default.
Otherwise, you get situations like this: https://github.com/benthecarman/lnurl-server/blob/master/README.md where extremely experienced people like @benthecarman are recommend the use of
admin.macaroon, which seems like a bad practice.Thanks for considering.
Beta Was this translation helpful? Give feedback.
All reactions