Skip to content

Latest commit

 

History

History
51 lines (31 loc) · 2.44 KB

21.md

File metadata and controls

51 lines (31 loc) · 2.44 KB
Raw

LUD-21: pinLimit for withdrawRequest

author: titusz discussion: https://t.me/lnurl/34810

Optional Second Factor for withdrawRequest Authorization

Adding the optional pinLimit property to an LNURL-withdraw response allows a SERVICE to require a PIN to authorize a withdrawal above a given amount.

{
    "tag": "withdrawRequest",
    "callback": string,
    "defaultDescription": string, 
    "minWithdrawable": number,
+   "pinLimit": number,
    "maxWithdrawable": number
}

The pinLimit value must be a positive integer (including 0) with a maximum of 15 digits. If the pinLimit property is present and a WALLET (Point of Sale) intends to withdraw an amount equal to or greater than the pinLimit value (in millisatoshis) it must first acquire a 4-digit PIN from the user (customer) and then add it as pin=<pin> to the query string of the callback URL to authorize the withdrawal.

Example callback:

https://ln-example.com?k1=<k1>&pr=<ln-invoice>&pin=<pin>

If the pinLimit property is used, the SERVICE must check for and validate the pin query parameter of the callback request according to its policy before paying the invoice.

Wallet Implementation Notes

If an LNURL-withdraw response includes a pinLimit property a WALLET should not automatically propose the invoice amount based on the minWithdrawable, maxWithdrawable or pinLimit values.

When acquiring a 4-digit PIN from the user (customer) via a PIN entry screen a WALLET should show the invoice amount on that same screen.

Service Implementation Notes

Other than a fixed length of 4 digits this document makes no assumptions about whether PINs are static (multiple-use) or one-time passwords (OTPs) or other PIN security schemes.

A SERVICE may add the pinLimit property to its LNURL-withdraw response in accordance with its individual security policy.

A SERVICE should protect against brute force attacks by invalidating LNURLw links after the third PIN authorization failure.

Security Considerations

PIN support improves security in cases of lost or maliciously scanned NFC payment devices.

Implementors should be aware that the PIN is leaked to the merchant point of sales device when entered by the customer.

Depending on the implementation of a SERVICE, security can be improved by using one-time PINs or by appropriate privacy configuration of NFC payment devices (e.g., enabling Random-ID support).