-
@ Tim Bouma
2025-03-03 22:48:541. nAuth is intended to be initiated over a potentially insecure channel. The bech32 is best for presenting a QR code or transmitting text that can be easily cut and pasted by a human. 2. The nonce is to prevent session hijacking. I generate a new nonce every time I present a QR and check to see if it’s the same in the reponse. 3. The nonce is really up to the initiator to generate and manage. They can ignore it if they wish but to their peril.