Free · Open Source · No Backend Required

Login with Nostr

Add passwordless authentication to your website in 2 lines of code. No emails, no passwords, no OAuth providers. Users own their identity.

1. Add the script

One script tag. Loads from the CDN, self-initializes.

<script src="https://nostrkey.com/login.js"></script>

2. Add the button

Drop a div anywhere on your page. The script renders the button.

<div id="nostr-login"></div>

3. Listen for login

When the user authenticates, you get their public key. That's their identity.

document.addEventListener('nostr:login', function(e) {
  const pubkey = e.detail.pubkey;
  // That's it. This is the user's unique, permanent identity.
  // No password to hash. No email to verify. No OAuth token to refresh.
  console.log('User logged in:', pubkey);
});

No Backend

Everything happens client-side. The script talks directly to the user's key manager. Your server just receives a public key.

No Passwords

Users authenticate with cryptographic keys. Nothing to leak, nothing to reset, nothing to brute force.

No Vendor Lock-In

Nostr identities are portable. Users aren't locked to your platform or any single provider. Open protocol.

One Identity Everywhere

The same identity works on every Nostr-enabled site. Users log in once with their key manager, use it everywhere.

Privacy by Default

No email required. No tracking cookies. No third-party OAuth. The user's public key is all you need.

Works Everywhere

Desktop (Chrome, Safari, Firefox). Mobile (iOS, Android). The button adapts and guides users to install if needed.

How it works

1. User clicks "Login with Nostr"

The button checks if a Nostr key manager (like NostrKey) is installed in the browser.

2. Key manager handles authentication

If installed, the key manager provides the user's public key. If not, the user is guided to install one. No friction either way.

3. Your site receives a public key

A nostr:login event fires with the user's public key. Store it, use it as a user ID, look up their profile — it's a permanent, cryptographic identity.

4. Done. No token refresh. No session expiry.

The public key is the identity. You can verify it any time. The private key never leaves the user's device.

Options

Customize the button appearance and behavior.

<!-- Dark theme (default) -->
<div id="nostr-login" data-theme="dark"></div>
<!-- Light theme -->
<div data-nostr-login data-theme="light"></div>
<!-- Large button -->
<div data-nostr-login data-size="large"></div>
<!-- Auto-add a relay when user logs in -->
<div data-nostr-login data-relay="wss://your-relay.com"></div>

Events

Listen for authentication state changes.

// User authenticated
document.addEventListener('nostr:login', (e) => {
  const { pubkey } = e.detail;
  // Send to your backend
  fetch('/api/auth/nostr', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ pubkey })
  });
});

FAQ

What is Nostr?

Nostr is an open protocol for decentralized identity and communication. Think of it as a universal login system where users own their identity through cryptographic keys — no company controls it.

What does my user need?

A Nostr key manager like NostrKey (browser extension or mobile app). If they don't have one, the button guides them through setup. It takes about 30 seconds.

What do I store on my server?

Just the public key (a 64-character hex string). That's the user's unique identifier. No password hashing, no email verification, no OAuth tokens to manage.

How do I verify the user later?

Ask them to sign a challenge — their key manager signs it with their private key, you verify with their public key. The window.nostr.signEvent() API handles this. Or simply trust the initial getPublicKey() for most use cases.
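The signed-challenge check from this answer, as an added Node.js example (not code from nostrkey.com): a public key is public, so the POST in the Events snippet names a user without proving key ownership until the server verifies an event the browser obtained from window.nostr.signEvent(). The event kind, the `origin` tag, the 60-second window and the `verifySchnorr` parameter are assumptions of this example.

```javascript
// Added example, not nostrkey.com code: server-side check of a signed login event.
const { createHash, randomBytes } = require('node:crypto');

const AUTH_KIND = 22242; // assumption: event kind borrowed from NIP-42 auth
const MAX_AGE_S = 60;    // assumption: how long a challenge stays valid
const isHex = (v, n) => typeof v === 'string' && v.length === n && /^[0-9a-f]+$/.test(v);

// One-time random challenge; keep it in the visitor's server-side session.
function newChallenge() {
  return randomBytes(32).toString('hex');
}

// NIP-01 event id: SHA-256 of the canonical JSON array serialization.
function eventId(ev) {
  const body = JSON.stringify([0, ev.pubkey, ev.created_at, ev.kind, ev.tags, ev.content]);
  return createHash('sha256').update(body, 'utf8').digest('hex');
}

// Returns the proven pubkey or throws. `expected` = { challenge, origin } taken
// from the session. `verifySchnorr(sigHex, idHex, pubkeyHex)` is a
// caller-supplied BIP-340 Schnorr verifier (hypothetical parameter).
function verifyLogin(ev, expected, verifySchnorr, now = Math.floor(Date.now() / 1000)) {
  if (!ev || !isHex(ev.pubkey, 64) || !isHex(ev.id, 64) || !isHex(ev.sig, 128) ||
      !Array.isArray(ev.tags) || typeof ev.content !== 'string') {
    throw new Error('malformed event');
  }
  if (ev.kind !== AUTH_KIND) throw new Error('wrong kind');
  if (!Number.isInteger(ev.created_at) || Math.abs(now - ev.created_at) > MAX_AGE_S) {
    throw new Error('stale event');
  }
  const tag = (name) => (ev.tags.find((t) => Array.isArray(t) && t[0] === name) || [])[1];
  const challenge = tag('challenge');
  const origin = tag('origin'); // hypothetical tag name
  // The challenge blocks replay; the origin tag stops a signature collected
  // by another site from being forwarded to this one.
  if (typeof challenge !== 'string' || challenge !== expected.challenge) {
    throw new Error('challenge mismatch');
  }
  if (typeof origin !== 'string' || origin !== expected.origin) {
    throw new Error('origin mismatch');
  }
  // The signature covers only the id, so the id must be recomputed first.
  if (eventId(ev) !== ev.id) throw new Error('id does not match content');
  if (!verifySchnorr(ev.sig, ev.id, ev.pubkey)) throw new Error('bad signature');
  return ev.pubkey;
}
```

Only after `verifyLogin` returns should the backend create a session for that pubkey and discard the used challenge.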

Is this secure?

Nostr uses secp256k1 elliptic curve cryptography (the same as Bitcoin). Private keys never leave the user's device. There's no central server to breach, no password database to leak.

Does it cost anything?

No. The script is free and open source. NostrKey is free. Nostr is an open protocol with no usage fees.

Can I use my own relay?

Yes. Add data-relay="wss://your-relay.com" to the button div. When users log in, the relay is automatically added to their key manager.

Ready to go passwordless?

Two lines of code. No backend changes. No vendor lock-in.