NIP-98 Decoder

A modern, user-friendly web application for decoding and validating Nostr HTTP Authentication tokens (NIP-98). This tool helps developers and users understand the structure and validity of NIP-98 tokens used in Nostr-based authentication systems.

🎯 Purpose

NIP-98 defines a standard for HTTP authentication using Nostr events. This decoder allows you to:

• Decode base64-encoded NIP-98 tokens
• Validate token structure and required fields
• Inspect event metadata, identity information, and tags
• Verify token freshness and cryptographic validity
• Debug authentication issues in Nostr applications

✨ Features

• Real-time Validation: Instant feedback on token structure and validity
• Comprehensive Checks: Validates all required NIP-98 fields and constraints
• Beautiful UI: Modern, responsive interface with smooth animations
• Dark Mode Support: Automatic theme switching based on system preferences
• Mobile Friendly: Works seamlessly on desktop and mobile devices
• Developer Friendly: Clear error messages and detailed validation results

🚀 Quick Start

Prerequisites

• Node.js 18+ and npm
• Modern web browser

Installation

1. Clone the repository:

git clone https://github.com/hexquarter/nip98-decoder.git
cd nip98-decoder

2. Install dependencies:

npm install

3. Start the development server:

npm run dev

4. Open http://localhost:5174 in your browser

Build for Production

npm run build
npm run preview

📖 How to Use

1. Paste a Token: Copy a NIP-98 token (with or without the "Nostr " prefix) into the text area
2. View Results: The app will automatically decode and validate the token
3. Check Validation: Review the validation checks to ensure the token meets NIP-98 requirements
4. Inspect Details: Examine event metadata, identity information, and tags

Example Token Format

Nostr eyJub3N0ciI6eyJpZCI6IjEyMzQ1Njc4OTAiLCJwdWJrZXkiOiJhYmNkZWYiLCJzaWciOiIxMjM0NTY3ODkwIiwia2luZCI6MjcyMzUsImNyZWF0ZWRfYXQiOjE2NDU4MzY3ODksInRhZ3MiOltbInUiLCJodHRwczovL2V4YW1wbGUuY29tIl0sWyJtZXRob2QiLCJHRVQiXV19fQ==

🔍 Validation Checks

The decoder performs the following validations:

• Kind Validation: Ensures event kind is 27235 (NIP-98)
• Public Key: Validates 64-character hexadecimal pubkey
• Signature: Checks for valid 128-character hexadecimal signature
• Event ID: Verifies 64-character hexadecimal event ID
• Timestamp: Confirms created_at is within acceptable time window
• URL Tag: Validates presence of "u" tag with target URL
• Method Tag: Checks "method" tag contains valid HTTP verb
• Payload Tag: Optional SHA-256 hash of request body

🛠️ Technology Stack

• Frontend: React 19 with TypeScript
• Build Tool: Vite
• Styling: Tailwind CSS v4
• Icons: Built-in SVG icons
• Nostr Integration: nostr-tools library

📋 NIP-98 Specification

This tool implements NIP-98: HTTP Auth, which defines how Nostr can be used for HTTP authentication. Key requirements:

• Event kind must be 27235
• Must include u tag with target URL
• Must include method tag with HTTP method
• May include payload tag with request body hash
• Event must be signed by the authenticating user

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

1. Fork the repository
2. Create your feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add some amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request

📄 License

This project is open source and available under the MIT License.

🙏 Acknowledgments

• Nostr Protocol for the decentralized social protocol
• NIP-98 Specification
• nostr-tools for Nostr utilities