NIP-07: Lack of permissionless check whether currently active user has authorized methods #1421

Open
alopatindev opened this issue Aug 12, 2024 · 3 comments

Comments

@alopatindev
Contributor

I found that the current ways web apps handle persistent sessions are too limited or broken:

  • some web apps don't remember the user account at all and require pressing the Login button on every page refresh
  • some remember the account but don't react to the fact that the user actually switched it in their browser extension
  • some apps ask for permissions out of the blue, probably to make sure that it's the same user that was logged in before.

Could we have some permissionless API to check whether the currently active user has already authorized certain methods for the given website? Something like

async getAuthorizedMethods(): { getPublicKey: boolean, getRelays: boolean, ... }

I believe that could be one of the things that simplifies session management in web apps and possibly makes web apps more complete and predictable for end-users.

@alopatindev alopatindev changed the title NIP-07: Permissionless check whether currently active user has authorized methods NIP-07: Lack of permissionless check whether currently active user has authorized methods Aug 12, 2024
@staab
Member

staab commented Aug 12, 2024

Those mostly seem like flaws in implementation. I for one wouldn't use this. What I would like is a way to get notified if permission is revoked (for both nip 07 and 46).

@alopatindev
Contributor Author

> What I would like is a way to get notified if permission is revoked (for both nip 07 and 46).

Sounds good, at least at first glance.

Will it work if the user revoked permission on one device but allowed it on another one? (or we don't want to support that?)

Most importantly, what should happen if the user switched the user account in the browser extension? Is it the same as revocation in this design?

@erskingardner
Contributor

> Those mostly seem like flaws in implementation. I for one wouldn't use this.

I agree with this. Feels like a solution looking for a problem.
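
An added example, not posted by any participant in this thread: one way a web app can handle the account-switch case from the opening post using only the existing NIP-07 `getPublicKey()` call, re-checking the active key on load and dropping per-account state when it differs from the stored one. Because `getPublicKey()` may itself trigger a permission prompt, this does not remove the limitation the issue describes. All names except `getPublicKey()` are hypothetical, and it assumes the signer rejects the promise when the user declines.

```javascript
// Added example; every name except the NIP-07 getPublicKey() call is hypothetical.
const HEX_PUBKEY = /^[0-9a-f]{64}$/;

// Pure decision step: compare the stored session key with what the signer reports.
// probe is { ok: true, pubkey } or { ok: false, reason }.
function decideSession(storedPubkey, probe) {
  if (!probe.ok) {
    // No signer, or the user declined: never fall back to the stored key.
    return { state: "logged-out", pubkey: null, clearCache: storedPubkey !== null };
  }
  if (!HEX_PUBKEY.test(probe.pubkey)) {
    // Malformed key from the signer: treat as no session at all.
    return { state: "logged-out", pubkey: null, clearCache: true };
  }
  if (storedPubkey === null) {
    return { state: "new-session", pubkey: probe.pubkey, clearCache: false };
  }
  if (storedPubkey === probe.pubkey) {
    return { state: "resumed", pubkey: probe.pubkey, clearCache: false };
  }
  // Account switched in the extension: drop per-account state before continuing.
  return { state: "switched", pubkey: probe.pubkey, clearCache: true };
}

// Ask the signer for the active key. Assumption: a denied request rejects.
async function probeSigner(signer) {
  if (!signer || typeof signer.getPublicKey !== "function") {
    return { ok: false, reason: "no-signer" };
  }
  try {
    return { ok: true, pubkey: await signer.getPublicKey() };
  } catch (err) {
    return { ok: false, reason: "denied" };
  }
}

// Run on page load and on window focus. storage is any Map-like store;
// in a browser, signer would be window.nostr.
async function reconcileSession(signer, storage) {
  const stored = storage.get("session.pubkey") ?? null;
  const result = decideSession(stored, await probeSigner(signer));
  if (result.clearCache) storage.clear();
  if (result.pubkey) storage.set("session.pubkey", result.pubkey);
  return result;
}
```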
