fix(nip46): use getPublicKey() in nostrconnect flow to get actual user pubkey (#374)

pablof7z · web-flow · commit 01ba3c8fcc93 · 2026-01-02T03:13:17.000+02:00
The nostrconnect:// flow was incorrectly using response.event.pubkey as the userPubkey, but that's actually the bunker's pubkey (the one signing the NIP-46 response event). This fix aligns the nostrconnect flow with the bunker:// flow, which correctly calls getPublicKey() to retrieve the actual user's pubkey from the remote signer. Fixes #373
diff --git a/core/src/signers/nip46/index.ts b/core/src/signers/nip46/index.ts
@@ -226,12 +226,17 @@ export class NDKNip46Signer extends EventEmitter implements NDKSigner {
         return new Promise((resolve, reject) => {
             const connect = (response: NDKRpcResponse) => {
                 if (response.result === this.nostrConnectSecret) {
-                    this._user = response.event.author;
-                    this.userPubkey = response.event.pubkey;
+                    // The response event pubkey is the bunker's pubkey, not the user's
                     this.bunkerPubkey = response.event.pubkey;
 
                     this.rpc.off("response", connect);
-                    resolve(this._user);
+
+                    // Get the actual user's pubkey from the bunker
+                    this.getPublicKey().then((pubkey) => {
+                        this.userPubkey = pubkey;
+                        this._user = this.ndk.getUser({ pubkey });
+                        resolve(this._user);
+                    }).catch(reject);
                 }
             };
 
