L402 Workshop with Python

# L402 Workshop ###### tags: `workshops_mln` This is an introductory workshop to the L402 standard. **Table of Contents** [TOC] ## Author Twitter for corrections, comments or suggestions: [@bitao36](https://twitter.com/bitao36) This tutorial was prepared for the [Mastering Lightning Socratic Seminar](https://libreriadesatoshi.com/) through [@libreriadesatoshi](https://twitter.com/libdesatoshi). ## Requirements :information_source: :::info Have Linux installed Have Polar installed Having created a network with two nodes, one of them LND Have Python 3.10 installed ::: ## What are HTTP status codes Status codes are an essential part of the HTTP protocol, used to communicate the result of a request made by a client to a server. ## Why was status 402 not used? ![image](https://hackmd.io/_uploads/B1Dhj0pwA.png) Among all the status codes defined in the HTTP standard, there is one that was practically forgotten: the 402 status code. The 402 status code, “Payment Required,” was defined in the original HTTP/1.1 specification, but has never been widely used on the web. It was intended for future use, but the future is now. ## What is L402 Olaoluwa Osuntokun from Lightning Labs on March 30, 2020 publishes the LSAT specification which contemplates the use of the http 402 status code, an authorization token called macaroon and a lightning invoice. ``` LSAT= HTTP 402 + MACAROON + LIGHTNING INVOICE ``` LND, which is the implementation of the lightning network developed by Lightning Labs, uses macaroons, but not all other implementations, so the standard has been renamed L402, and thus the macaroon can be generalized as a token in the following way: ``` L402= HTTP 402 + TOKEN + LIGHTNING INVOICE ``` Well, this sounds great but what is it for? L402 serves as authentication and at the same time as an Internet-native payment system using the Lightning Network. A business can offer a new level of service that falls between free and subscription, with no login, email, or passwords required. The most important and visible use cases are: Payment for access to premium content, pay-per-view, automated micropayments, authentication and authorization in Lightning Network-based services and API monetization. ## Basic diagram of how it works ![image](https://hackmd.io/_uploads/HybynATDR.png) ## grpc connection to LND ![ClientServerLND.drawio](https://hackmd.io/_uploads/SJ3qqCawR.png) This simple diagram shows the components that will allow us to execute the project: * Client: Postman or other * Server: Running Python flask project * LND: Selected node * Lightning Network: Regtest network run on Polar ## Implementation in Python In this repository is a simple implementation of L402 https://github.com/bitao36/L402LNDPy ### Run the project * Download the repository * Run Polar and load the network * Add the cert file and the LND node macaroons to their corresponding folder * Run the project At this moment the server is listening for requests on port 8080 ### Test You can use Postman or any other client that allows you to test APIS Enter the url http://127.0.0.1:8080 and you should receive ``` Response: Needs payment Status code: 402 Header: WWW-Authenticate : L402 token="", invoice=lnbc.... ``` Now you must pay the invoice to obtain the preimage and make the request again adding the following header: ``` Authorization: L402 token:preimage ``` At this time, no authentication has been implemented for the token, so simply entering the word token and a preimage will give access to the resource. If you provided a valid preimage you should receive the following response: ``` Response: Premium content Status code: 200 ``` ## :zap: Donations :::success If this material was useful to you, you can thank @bitao36 by sending him a contribution via Lightning Address: bitao36@getalby.com :::