Invalid invoice (LNURL invoice check rejects invalid LNURL invoice)

[jsarenik]

Describe the bug

An invoice which contains route hints is considered invalid by Alby. The GUI reports following:

Payment aborted. Invalid invoice

To Reproduce
Steps to reproduce the behavior:

1. Visit to https://ln.anyone.eu.org/meta1.html
2. Click on Alby extension button (which should be activated since the site contains appropriate meta tag).
3. Click the Send Satoshis button.
4. Click the Confirm button.
5. See error

Expected behavior
The payment process should be initiated with no Invalid invoice message, like when you do the same at https://ln.anyone.eu.org (which targets at anyone@coinos.io).

Information About Alby

• Alby Version: 1.6.0
• Alby installed through browser stores
• Wallet connected with Alby: Alby LND

Device Information [optional]:

• OS: Linux
• Browser: Google Chrome (stable)
• Browser Version: Version 98.0.4758.102 (Official Build) (64-bit)

Additional context
The issue is not present when paying justsmile@stacker.news instead of anyone@ln.anyone.eu.org so here are the decoded invoices of the two:

$ lnaddr.sh justsmile@stacker.news 15000                                     
https://stacker.news/api/lnurlp/justsmile/pay?amount=15000
{"pr":"lnbc150n1p3rnd33pp5qrvzeyvn4j3454pg7a959l4mdhjp5hkg8khgj27gvttuf2y4zn7qhp5rh2046zf4yykuc77pt926gfrq9xmdyg7qmsqckq434q707d2ga7scqzpgxqr23ssp5gf8k52y73mpscsh4yuv8zz89mvg0mhwm76p39d0f73ctlvt49yzq9qyyssqfhwy0qa0377p2slghhxg4je6xxa4x609y39lvhwappy2p3pt977qp72ed2qsd07cgs5y5p5k50eznptqamaypsdzhq8xukvn6nxwdagp8xhcg0"}
$ lightning-cli decode lnbc150n1p3rnd33pp5qrvzeyvn4j3454pg7a959l4mdhjp5hkg8khgj27gvttuf2y4zn7qhp5rh2046zf4yykuc77pt926gfrq9xmdyg7qmsqckq434q707d2ga7scqzpgxqr23ssp5gf8k52y73mpscsh4yuv8zz89mvg0mhwm76p39d0f73ctlvt49yzq9qyyssqfhwy0qa0377p2slghhxg4je6xxa4x609y39lvhwappy2p3pt977qp72ed2qsd07cgs5y5p5k50eznptqamaypsdzhq8xukvn6nxwdagp8xhcg0
{
   "type": "bolt11 invoice",
   "currency": "bc",
   "created_at": 1647949361,
   "expiry": 10800,
   "payee": "03cc1d0932bb99b0697f5b5e5961b83ab7fd66f1efc4c9f5c7bad66c1bcbe78f02",
   "msatoshi": 15000,
   "amount_msat": "15000msat",
   "description_hash": "1dd4fae849a9096e63de0acaad2123014db6911e06e00c58158d41e7f9aa477d",
   "min_final_cltv_expiry": 40,
   "payment_secret": "424f6a289e8ec30c42f527187108e5db10fddddbf68312b5e9f470bfb1752904",
   "features": "024200",
   "payment_hash": "00d82c9193aca35a5428f74b42febb6de41a5ec83dae892bc862d7c4a89514fc",
   "signature": "304402204ddc4783af8fbc1543e8bdcc8acb3a31bb5369e5244bf65ddd0848a0c42b2fbc022000f9596a8106bfd844284a0696a3f2298560eefa40c1a2b80e6e5993d4cce6f5",
   "valid": true
}

Now the other invoice produced by CLN (c-lightning) which has issues in Alby:

$ ./lnaddr.sh anyone@ln.anyone.eu.org 15000                                    
Enter comment (maxLength: 255): forAlby
https://signetfaucet.bublina.eu.org/cgi-bin/lnurl.sh?amount=15000&comment=forAlby
{"pr":"lnbc150n1p3rnwm8pp5ks2uhszpsscwk35m7tsz5daqengsjpmulew5zs4fnjlpdgan2r2sdqa235xzmntypuk7afpypnx7ujpd338jxqyjw5qcqpjsp5ex6625qahu45uerr34xxcw00nu5cdf6dlexqup3nq3jgwz7dj2vqrzjq2rguyhnyqrnetgv99vugf2el08ar23jdl9egdyja4ls9jvzp23ejz40qsqqrcgqqqqqqqlgqqqqqqgq9q9qyysgqcrlhyz4qgqehsrwt6flq5a2cka0njglrlaf0q3ath8zuhyc2xm6xnwykmtuy840z6mphrzu2zy4m45dy08ewhemx8vdpsswy6y7snncpgtz30a"}
$ lightning-cli decode lnbc150n1p3rnwm8pp5ks2uhszpsscwk35m7tsz5daqengsjpmulew5zs4fnjlpdgan2r2sdqa235xzmntypuk7afpypnx7ujpd338jxqyjw5qcqpjsp5ex6625qahu45uerr34xxcw00nu5cdf6dlexqup3nq3jgwz7dj2vqrzjq2rguyhnyqrnetgv99vugf2el08ar23jdl9egdyja4ls9jvzp23ejz40qsqqrcgqqqqqqqlgqqqqqqgq9q9qyysgqcrlhyz4qgqehsrwt6flq5a2cka0njglrlaf0q3ath8zuhyc2xm6xnwykmtuy840z6mphrzu2zy4m45dy08ewhemx8vdpsswy6y7snncpgtz30a
{
   "type": "bolt11 invoice",
   "currency": "bc",
   "created_at": 1647950695,
   "expiry": 604800,
   "payee": "032de5c0f28f9d7d10c0c0b5ec92e83f9bf40def2bf40181c0f4330c57e58a8605",
   "msatoshi": 15000,
   "amount_msat": "15000msat",
   "description": "Thank you! forAlby",
   "min_final_cltv_expiry": 18,
   "payment_secret": "c9b5a5501dbf2b4e64638d4c6c39ef9f2986a74dfe4c0e06330464870bcd9298",
   "features": "024100",
   "routes": [
      [
         {
            "pubkey": "02868e12f320073cad0c2959c42559fbcfd1aa326fcb943492ed7f02c9820aa399",
            "short_channel_id": "700164x481x0",
            "fee_base_msat": 1000,
            "fee_proportional_millionths": 1,
            "cltv_expiry_delta": 40
         }
      ]
   ],
   "payment_hash": "b415cbc0418430eb469bf2e02a37a0ccd109077cfe5d4142a99cbe16a3b350d5",
   "signature": "3045022100c0ff720aa04033780dcbd27e0a7558b75f3923e3ff52f047abb9c5cb930a36f4022069b896daf843d5e2d6c3718b8a112bbad1a479f2ebe7663b1a1841c4d13d09cf",
   "valid": true
}

For lnaddr.sh script, have a look at https://github.com/jsarenik/cls.

Are you working on this issue? No, but let me know how can I help.

[jsarenik]

Same thing with version 1.7.0.

[bumi]

Can you confirm that the amount is set correctly? lnurl-pay is using millisats and the amount request is passed as GET parameter to the callback URL.
this means your callback URL should create an invoice for 10 sats:
https://signetfaucet.bublina.eu.org/cgi-bin/lnurl.sh?amount=10000
but it creates an invoice of 100 sats.

Check the spec: https://github.com/fiatjaf/lnurl-rfc/blob/legacy/lnurl-pay.md

[jsarenik]

Could the problem be here? https://github.com/getAlby/lightning-browser-extension/blob/master/src/common/lib/lnurl.ts#L109

[bumi]

yes, that also could be the problem. I think somehow the invoice is not as expected. - either the amount or the metadata is not as expected.
could that be?

[jsarenik]

Yes, I confirm that the amount is set correctly. It works well with stacker.news and coinos.io.

[jsarenik]

For completness, here is another lightning address anyone@coinos.io which works well with Alby and produces following invoice:

$ lnaddr.sh anyone@coinos.io 15000
Enter comment (maxLength: 500): forCoinOS
https://coinos.io/lnurl/671ce96fec63876c1fabc68bb95751808559b35bdb94ed390de9cbb9a7137904?amount=15000&comment=forCoinOS
{"pr":"lnbc150n1p3r4f34pp5h9rh6yyrreckexz32a6mvtke5jqz064567htwlg6xlplll7jncpqhp5t7ygdl8ft532fa2gpgxhh4rg9afsn9yp22yfpnglluevg6ey6ytqcqzpgxqyz5vqsp5f8mv3dzgu9nvpzsw4zyuxjernderz65ana0syy0tk3kjx49qvfzq9qyyssqfqhnq8ukxgfp45796j9ew2n5ypyehhlt5azyskztpgdd3u4f864zuy45954qe27qysj56uzl4k3xkefpxng993sazqxgrthxd5g8fcsq2rjzcv","routes":[]}
$ lightning-cli decode lnbc150n1p3r4f34pp5h9rh6yyrreckexz32a6mvtke5jqz064567htwlg6xlplll7jncpqhp5t7ygdl8ft532fa2gpgxhh4rg9afsn9yp22yfpnglluevg6ey6ytqcqzpgxqyz5vqsp5f8mv3dzgu9nvpzsw4zyuxjernderz65ana0syy0tk3kjx49qvfzq9qyyssqfqhnq8ukxgfp45796j9ew2n5ypyehhlt5azyskztpgdd3u4f864zuy45954qe27qysj56uzl4k3xkefpxng993sazqxgrthxd5g8fcsq2rjzcv
{
   "type": "bolt11 invoice",
   "currency": "bc",
   "created_at": 1648010805,
   "expiry": 86400,
   "payee": "02868e12f320073cad0c2959c42559fbcfd1aa326fcb943492ed7f02c9820aa399",
   "msatoshi": 15000,
   "amount_msat": "15000msat",
   "description_hash": "5f8886fce95d22a4f5480a0d7bd4682f53099481528890cd1fff32c46b24d116",
   "min_final_cltv_expiry": 40,
   "payment_secret": "49f6c8b448e166c08a0ea889c34b239b72316a9d9f5f0211ebb46d2354a06244",
   "features": "024200",
   "payment_hash": "b9477d10831e716c98515775b62ed9a48027eab4d7aeb77d1a37c3ffffd29e02",
   "signature": "30440220482f301f9632121ad3c5d48b972a7420499bdfeba74448584b0a1ad8f2a93eaa02202e12b42d2a0cabc024254d705fada26b652134d052c61d100c81aee66d1074e2",
   "valid": true
}

So what we see is that the invoices which are accepted by Alby contain the "description_hash" field, which the c-lightning-generated invoice does not contain (it is considered optional, correctly defined with ? in Alby's src/declarations.d.ts)

[bumi]

For the record: I am pretty sure this issue is not because of routing hints or similar.
This issue is because of the LNURL described validations of the invoice. In this case the invoice (requested through LNURL-pay) does not pass the validation. (amount, description_hash must be the hash of the LNURL metadata, ...)

see also: #735 (comment)

[jsarenik]

@bumi Yes, it is being worked on in c-lightning. See ElementsProject/lightning#5121, which I was totally unaware of.

Thanks @fiatjaf for link!

Leaving this issue open just to track it also on this side (as there may be others like me unaware of the related work).

[bumi]

great, I updated the title to mention the LNURL invoice check.
keep me posted, I did not know that LNURL-pay is not possible with a clightning node right now.

[jsarenik]

Here is a new invoice generated with deschashonly=true parameter introduced by ElementsProject/lightning@ccaf04d26 and seems to still not work with Albi. @bumi please have a look what could be wrong here.

{
   "type": "bolt11 invoice",
   "currency": "bc",
   "created_at": 1648648330,
   "expiry": 604800,
   "payee": "032de5c0f28f9d7d10c0c0b5ec92e83f9bf40def2bf40181c0f4330c57e58a8605",
   "msatoshi": 1000,
   "amount_msat": "1000msat",
   "description_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
   "min_final_cltv_expiry": 18,
   "payment_secret": "26c8de60d4cc4d78db9d641bf724fad4eda0750fd459747eda548e70c9ec0ebf",
   "features": "024100",
   "routes": [
      [
         {
            "pubkey": "038fe1bd966b5cb0545963490c631eaa1924e2c4c0ea4e7dcb5d4582a1e7f2f1a5",
            "short_channel_id": "728591x176x1",
            "fee_base_msat": 0,
            "fee_proportional_millionths": 0,
            "cltv_expiry_delta": 34
         }
      ]
   ],
   "payment_hash": "eda88c6c5de9916d9a9530e3274df0e06ef5e2811f8f676ba8caf37c6c50ef1f",
   "signature": "3044022054085601153fcf15b145d64f73d5a9235f867e25091551daa59602fe79fb5b8d022079249349a36df5952e3cf6fde135eaaa1b89cc50012c08c721e68ed156745fae",
   "valid": true
}

Easy to generate similar invoice using webLN at https://ln.anyone.eu.org/meta1.html (which makes Albi generate an invoice to anyone@ln.anyone.eu.org).

It still works well with coinos.io and stacker.news.

[bumi]

what do you use as invoice description?
If I read that PR correct then it adds a hash of the description to the description hash?
LNURL request the bolt11 description hash to equal the hash of the LNURL metadata.

can you confirm that e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 is the hash of your LNURL metadata? Can you provide that metadata here?

[jsarenik]

Yes, that's an empty description:

$ printf "" | sha256sum                                                        
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  -

[jsarenik]

Another example. The invoice was triggered via LNURL by Albi:

$ lightning-cli decode lnbc1230n1p3ygeqrpp5zrkw0q6y65jt78p9zm5tk4y6mxvkkpgs4yzmj3m8zsqnrwjlpfeqhp5n7rdpqvgf37ktx30a2sv2kkszk3m7ncm9v9cytx3t4kptv8spgyqxqyjw5qcqpjsp5ryssw8nyt90gpthrnnpknhmmz754vy9ape9v0cpmy249l7dw4d8srzjqw87r0vkddwtq4zevdysccc74gvjfckycr4yulwtt4zc9g087tc62zc7puqqpvqqqyqqqqqqqqqqqqqqyg9qyysgqg62kdy69uyumte06ptqg0t644knwqdzzsyglsvtlnlef604kc5eyf4sq59ltnprcc5pjwu85q3ygx90ezthxggs2t566vvzsqeqj9ngq30954y
{
   "type": "bolt11 invoice",
   "currency": "bc",
   "created_at": 1648649219,
   "expiry": 604800,
   "payee": "032de5c0f28f9d7d10c0c0b5ec92e83f9bf40def2bf40181c0f4330c57e58a8605",
   "msatoshi": 123000,
   "amount_msat": "123000msat",
   "description_hash": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
   "min_final_cltv_expiry": 18,
   "payment_secret": "1921071e64595e80aee39cc369df7b17a95610bd0e4ac7e03b22aa5ff9aeab4f",
   "features": "024100",
   "routes": [
      [
         {
            "pubkey": "038fe1bd966b5cb0545963490c631eaa1924e2c4c0ea4e7dcb5d4582a1e7f2f1a5",
            "short_channel_id": "728591x176x1",
            "fee_base_msat": 0,
            "fee_proportional_millionths": 0,
            "cltv_expiry_delta": 34
         }
      ]
   ],
   "payment_hash": "10ece78344d524bf1c2516e8bb549ad9996b0510a905b94767140131ba5f0a72",
   "signature": "304402204695669345e139b5e5fa0ac087af55ada6e034428111f8317f9ff29d3eb6c532022044d600a17eb98478c5032770f404488315f912ee64220a5d35a63050064122cd",
   "valid": true
}

This invoice is recorded like this with CLN:

$ lightning-cli listinvoices lnurl-generated-12541-test
{
   "invoices": [
      {
         "label": "lnurl-generated-12541-test",
         "bolt11": "lnbc1230n1p3ygeqrpp5zrkw0q6y65jt78p9zm5tk4y6mxvkkpgs4yzmj3m8zsqnrwjlpfeqhp5n7rdpqvgf37ktx30a2sv2kkszk3m7ncm9v9cytx3t4kptv8spgyqxqyjw5qcqpjsp5ryssw8nyt90gpthrnnpknhmmz754vy9ape9v0cpmy249l7dw4d8srzjqw87r0vkddwtq4zevdysccc74gvjfckycr4yulwtt4zc9g087tc62zc7puqqpvqqqyqqqqqqqqqqqqqqyg9qyysgqg62kdy69uyumte06ptqg0t644knwqdzzsyglsvtlnlef604kc5eyf4sq59ltnprcc5pjwu85q3ygx90ezthxggs2t566vvzsqeqj9ngq30954y",
         "payment_hash": "10ece78344d524bf1c2516e8bb549ad9996b0510a905b94767140131ba5f0a72",
         "msatoshi": 123000,
         "amount_msat": "123000msat",
         "status": "unpaid",
         "description": "test",
         "expires_at": 1649254019
      }
   ]
}

The description test matches perfectly the description_hash:

$ printf "test" | sha256sum
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08  -

[fiatjaf]

Read https://github.com/fiatjaf/lnurl-rfc/blob/luds/06.md, @jsarenik.

The "metadata" field is this JSON string which is an array of properties. That is what should be hashed for the description_hash. The wallet will check if bolt11.invoice_description == sha256(metadata).

[jsarenik]

@fiatjaf at https://github.com/fiatjaf/lnurl-rfc/blob/luds/06.md#wallet-to-service-interaction-flow in point 7 writes that h tag in provided invoice… what's is that? I do not see any h tag inside the invoice generated by coinos.io or stacker.news, not even zbd.gg.

I also do not understand the meaning and flow of https://github.com/fiatjaf/lnurl-rfc/blob/luds/06.md#notes-on-metadata-for-server-side-lnurl-pay and need more explanation on that.

Example invoice generated for fiatjaf@zbd.gg follows:

{
   "type": "bolt11 invoice",
   "currency": "bc",
   "created_at": 1648655484,
   "expiry": 300,
   "payee": "0251fff168b58b74e9b476af5a515b91fe0540a3681bc97fbb65379a807aea5f66",
   "msatoshi": 21000,
   "amount_msat": "21000msat",
   "description_hash": "b66fde4e4d981bce733f07eb743ce9a322905e448d83101ba414cf48925bcc18",
   "min_final_cltv_expiry": 40,
   "payment_secret": "d5e4b8dbb5ef4b29cc883c73efd821babf08bd6a3b947780856b7734e6f748fa",
   "features": "024200",
   "payment_hash": "079849a0ea8b40d4e1a64511a62112b7785893999223f8b0dc3f187ed8fe6955",
   "signature": "304502210092b7e8ddabec75f9ecac805d7bd3326ee30853e90736f2e5b4170b344151579a02206f655d61a9d875cd7e0c3ef872c265eaa93651169520b3b3086be612cf113928",
   "valid": true
}

The JSON sent by zbd.gg was this:

{
  "minSendable": 12000,
  "maxSendable": 45000000,
  "commentAllowed": 150,
  "tag": "payRequest",
  "metadata": "[[\"text/plain\",\"fiatjaf - o bramido do silêncio do diamante\"],[\"text/identifier\",\"fiatjaf@zbd.gg\"],[\"image/png;base64\",\"/9j/2wBDAAYEBQYFBAYGBQYHBwYIChAKCgkJChQODwwQFxQYGBcUFhYaHSUfGhsjHBYWICwgIyYnKSopGR8tMC0oMCUoKSj/2wBDAQcHBwoIChMKChMoGhYaKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCj/wAARCACAAIADASIAAhEBAxEB/8QAHAAAAgIDAQEAAAAAAAAAAAAABAUDBgECBwAI/8QAOhAAAgEDAgQEBAQEBgIDAAAAAQIDAAQRBRIGITFRE0FhcRQiMoFSkaHRI2Kx4QcVJEJT8DTCQ3LB/8QAGgEAAgMBAQAAAAAAAAAAAAAAAwQBAgUABv/EACsRAAICAgECBQMEAwAAAAAAAAECABEDITEEEhMiQVFhBRSxMjNxkaHh8P/aAAwDAQACEQMRAD8Azov+NuvwBVnukuFHlNGD+vI1fdG/xwim2i/sY/UxOR+hzXyfZy75Cu4jsabwrMozHIDT/wBxgOsiiIfZ5wLxMfz+Z9m6b/iVw7qCYklaEnqJFBH6UXJHwtq2dlxZjd5xy7GP2r43gvL2HBGSPQ1PNxDdxrhi68vPIoi+Bzjcg/zF8uLqW8uZAw+REPFcMcWu3kcJHhidlX23GusaRqCx20KMQVVAAVPTlXFrqZri73MclnH9av3ONVYH5SMgjoR6GvOfVz4jCj7z0X0zGAhDfE6TbzJIoZGVlPaikaub2moTwMGilZfv1qyaZxHFIAl3iNum8dP7ViFCI+2KuJbEapFb70DDMrqGVgQehByDU6OO9Vg6hQPLpWc47VErisl/WokyUtkfvVd1Dii0gna3s45r64U4ZLZdwHuelKuIdbivb2TThepZ2MPK7uN2GY/8aevc1tZ6uq2623C+lSSxjkJXXw4/ck8zRlx0LIlC3tJX4pWIj/MNOvLRPxOnL86QalxwJgINLh/1DZBeVhsT19abz8P3Opgvr988uelvbnZGv7muYcVaM2k3TmCbxLbftUn6h7/vTOFMTGvWUcsBcr8CeDLFz65FO7Z+Xell4hXwzg/K1H2gOKfd7FzsaUajGNznBNEq67cMOVCJzIxipckEignJGRjnmtbYyB2jTcDkHGKMtZVhBimYiBjlW/4z+xoNe+a3yWXa3P7UFj3cy4UDiNWj8M7WUg9R2I71kIPI+/KhdOnaNRFODJB0Az8y+xqwxaLIYYp4WWW2l+mVfI/hbsfSlnPbzDDejFklzdx2UsEEzqsi4wDimPC9vdPbsj6zd286t8q8iuPY0whsIYo8kB3/ABVpPbjxAykqw6MP6GgfcWKElsAbmN1sNYH065n/AO1stLeJbfUbLRbq5n1u5kKABI4kWMMxOAOXPqaki1h7FP8AWYEQON+eX9qr3GPF9jd28FtZ7pXWeOVyRhcKc4z50XD3Owof4ieXH4fJlt0XhywsIIWlto5rzaDJLKNxLeeM9OdPCQFwp5dq5TDx7qH+YCaURPb55wquBj0PXNdA0vV7bVLQT2kgZT1U9VPY1OXHkXbQasDoSXVLoW1q7n6ui+9c/wBQlVg+/BB6g+dWDie8zIsQPJRk+9c/1i88RjEhBHUkUTBjLGc7douP73TYp4pEkjDKwxuA5ik+kWkPiSWd2Cl1ET0P1r5EVdvhsLgg5pVrOii9QTQ5S5j+ll5E+lAx59dpOjNBse+5RuCHRUAzG5x7VhtFnxldrD8q1sNSvbfKXVu1wq9Wi5OPcUxh4gsTkO0kXcOmKknMONyQ2P11FUmnXEX1RMR6DNYjtGY4KkE+nOrPDqNrMoKzIR3zTC2RJiGjZHX+XmKo3UOo8whFVW4MR2WkAEGYcu3Q/erBpZaxmG1CIJMLNF5OvcdmHUGiFhAYEjmKmupoNMa3e6UyTSc4bYfVIe57L60qMr5GkuqhdwHXJItM+JNy4CW5O4gfrj1yKomqcXuRtsIQgHLfJzJ+3SrbxRZzaxYXMUsgE8reIXHTdnOPauRXUUtrcPb3KlJUOCDT/RYcWSydmK9TkyIBUmvdRuLti1xK8jepoIOc5rVuVa5rXVQNCZbMSbMl34o7StZutLuhPaSbW6FTzVh2IpUWr0K+JJgnAHMmpKgijK3XEvWscRW2o6fFNBE0d1ISJVJyB7d6q+7LEmoi+eQwB2FC3txtTw1PNuvoKomMIKEh3Lczvph3rnbj3rAt1YlXwPUGjpo8kcjj08q28IbflUHv615oibwMqnEUFpYQG5nZg4OEZOTk9sedK44+I5oFlS3to426LLguR6imtnD/AJ1xVPNLk2mn/wAONT08TzP/AH0qzPZ5A35K9cjyoxfwQFIs/MqCX36ShPLJAQNX0WN4+hkijBx9sUXbafpc4E2l38tpL1Gxzj2Kmrx8MxT5cSD1ODVZ1nh4SObizX4a6HM4Hyv7ioXOGNfp/H9S5x18w/h+e5tRd3GveHJZWkfieNH/APIc4CkepoSKU6zrl1qMjCQKAieWM9hWOFdattOvprHX42tYrpPBlwcoefJ17EGtNc0Gbhq7X4eYxK43w3AOYZ1/9T3HT0o5xeU1on+oAPT73D76ZLe2eWU5SNSzcu1cq4l1GPVbhZDbJGi5A5/MR6mn2pXja5qEdrd3Agij+WVEP1MPPPQj26UwtOENMR/FYSSj/arPuX3Hf71bAE6XzZOZOUt1HlTicuLfOVyT2OOorU5866fxJw7b6jbAQhY7mNcRkDHLsR2/pVLt+Gr6WTF0hgQHBJGSa0cXVo62dRHJ0jq1DcQElmCrzY9KJQeGm0HJ6k9zTHUUtrQm2swCB9ch6se2e1LSe9Moe4XFsg7TUxLKI0LHypcWLsWPMmp5pEkViWGF8v2oeNgRkHIq4gjPp2CZWVScjHIipZHIJIRmwM0EN3TaB3bNG25wwAwR55GcivNkVNy7iLgG2L6TNPGy+LJcOXB86s7IdmA2048+lVng5hZXeo2D4DxzMwH4lPn/AN71ZC43HHPP5j7VTqf3CZbF+kCaxq0OCRlT1xXrnaU+bmvlkdPvW0mUBKkEHtzFJLnXA0jWumQteSqcPtOI0P8AMx5D7UsFLHUPdcyDWtLivoWV1Vg3MZ6g9waC4b19NPjPDvE7ltMkO2GVhlrZvIjuvpWmsXF5Z27yalex20Z5iG1TczHsGb9qqMME+oSmS4ebJ5ruy20eQ5DrWl0wIU9x1F8w7joblin4TutImuoJ2hnDNvXIyk6Ho6ny+3SgHnn0yJmt2kAT6reUZP2Pn/X1p9o+q2raWmi6xLLBAv8A49xgmSzb3P1RnzHlVV4kj1W11SXT7yWB5wuFmikBSZDzBHqc/vTONPEfzHUXyP4a1W4sueIblpjMXweRJb/87D0qXUOJJHsWRYvCuH5bgeQHcUhvI3hYxzoyN+FhignYmnzhR6JHETGd0ujzNXOc1vaQiaUeJkRDq2OXtUDk9FGSelGLc2fwQitmcTSEIVf/AG9znpRH0NQSCzZgUGnLfXfg2+4KxYgAbjgc+nmcUZd8MtaWdxNmWV1banh4G0DqWHP9M+9F2Vr8KIZoJ5Y7+Nx8qdFXruBpjeX8lxbr8DvUIM71TO5s4249zj70I5GsATmX1M6qkzbwjYU9x0NGxOEdSp8+uaVRRlT8shZF655lf7UYjIu1WCsvUOvlWIxBmuBA9Xs5op4r7T8fGJ8rKTykXsfWtYOKLeIbb+J7aUfUrqf0pmz5dUxjH+4eftSXX7sC3S0gRZby5YpHuGQvdvYCoWnpWFyT5diA67xPaXlx8Kl00Nmq5lkQHfJ/IO3qaHj195bZbbQNPmEf0hiu1ff+9MorO1gtorGBEyF/iOVGSPM57mmPhJHHHGiKEAwMcjUs2NQAF/73llDHZMr1pok9xcC41aR5ZRzCg5C1YDax+GCgC7PLy/tU5KIMciB5Uv1nUI9PtHuJH+Reg82PkBQSz5WAhR2oIi4tuobSBX6XjckUcwR559KpCusluSZz8QmSyvyyP5f2rTWtSkurh7ibLSOcKo6Adh6UEAfqPUjp2rd6fB4aAHmZHUZvEbXEkuZ5JyviuzbRtXJzgdqFapGrMFs907LGM7RubHXFNaAi3Ji2VpviE2ZUeR70z0aBlvkk8FZwc5U9G7174ZwwBGSMgAjIzTLToRbIlzfRt/AcBMNjf6Y/XNDdtSw1CpI4hCojQK/iFhs+kc+WDUGq3DCLwmbwoEffuX6t2C3I/lTXTEnlt7hvh0343YU4Ug/oPOq5xNevMz7yrEMy9OYyPPvigILapLHVzsEcjiMKcIxIxgDmPejZuTqIyyLjcTnNKURXiVn5sOQPlRVrIseMhD8uN5GcVjsJrXDWmS1t5JrgqIUBYsOWBVf0wG5S51m7xvlXbEhODHH5D3PWsa/Ib+7ttKRh4Z/jXG3yUHkv3NEOhe6itlXKRje46ewz0/OrKvavyfx/uRdn+JNaROsZklB8R/q5c19Pyop22bWHMDoetbSxnAZSyny5ZGPUVHKwUozKARzwOZPqO9BvuMKDUinlWKKSV2C7V3Ek9AP7VzjiDWZtVuAWOII8iNP/AGPqaYcXayLuX4O1cG3jPzuvSRv2FKbnTWh0i3vpJwpnYiOLbkso6nNavSYBjAd+TEeozd3lXiKZBuPtWCeXOpHXaBih45SzyLIpXA+U960YiZJBC9xPHDCN0kjBVHqaP4l4X1PQJkuQTLBy23EWflPY9v6GhdNnmtJxdxBfk5YYZBB61ZOI+K21DQYbWzeSENkXEZ54XtnzBobM/cAvEsAK3zFFhem5QeLFiUMAZEXkc+nkaYtp80EaJbEuR80yuOWD2+1MrnSb/hmzt4ZokgluoPGUb1cSr54P4hnpU2n/AA80kkl68iNKASYzlVbpzHkMdcUB29RxJAJgerTT6VZyEYgBjCoAAG3diPMczVM0vR9S1uZo9Ls5rox/M/hj6c9Mk8qc8XyzSyskk4kWBjtx07HH5Um0vU4YbC8sLuOU285WRXhfa6SKDg+owcEflRsIIWxzBO1mvSdiwULBlzGTzx5VuvhxrmRhsAyG7j9618UFcouR+IcwfQ+lJ9fuhBpd0oUqXGEB5g57GsYKWNTXuhcxw+fFF1fzKCbp2K5/CvQf1pjpTH4eS4wplmckE5yO1BTqLPR4oEYbgixggdT/ANzTK0AhtkUITtGOVTkN2feSgoVDkldAjlsbuoz19hVa411V7eP4OBwWlG4tjmg9D3NPmYqys55r35nNItX0yC/3MSVn/wCTuPaq4O0OGbidk7ipCzn8rbF5fYVrNNIyRK8hwgwBnkoz0H3r2qN8HdyQPhgp+odQe4rV/DcQyKylCebCt0GxcyjYNQmxYXDfDsu7PTPJgfTv7Vq9kfi1jLZiPNmXqFzg+1R3UkUU6pbt4gU53gYNZe5kEzSxld7DnuUGu2eJFj1mupFreR7cFCqMV3IMbh3o2z0p7yyF0kYEKuEVDyMhAyefp50l/iy3B3sS7nLHvV+06eRNOggldEhClYmwBtHPOT78/WhuSgFTu4MdwOWOdY0m1SaS4ZVCRjcWCL549B2FTWmJmUoyrywGz1P/AHyqDTL50aODIuYWJSOReqn38u+DQ+h3F7p3EK3enwiSSLcQrA7CCMEnp+lDq7uW7qgmqRrtPnkfnSHU7G3C2r205kkkXMibcbGzjb6mrvrUKzzyvI4Ny+6WUKm1VJOeQ7c6U2VkqyNIAC4GV5Zy3QD8zV8eShKFbM//2Q==\"]]",
  "callback": "https://api.zebedee.io/v0/process-static-charges/1f561267-6b24-4f2e-bb6b-5cd162727840",
  "payerData": {
    "name": {
      "mandatory": false
    },
    "identifier": {
      "mandatory": false
    }
  },
  "disposable": false
}

[fiatjaf]

The h tag is the description_hash, see bolt11: https://github.com/lightning/bolts/blob/master/11-payment-encoding.md#tagged-fields=

[jsarenik]

Can you please point me to some working code that is doing it properly? Any language.

[fiatjaf]

Pseudocode:

handle('/.well-known/lnurlp/username') => {
  return {
    ...,
    metadata: '[["text/plain", "my description"]]',
    callback: 'https://service.com/callback'
  }
}

handle('/callback') => {
  return {
    pr: make_invoice(description_hash=sha256('[["text/plain", "my description"]]', msatoshi=request.qs.amount))
  }
}

[fiatjaf]

I don't know the new c-lightning API works though. How are you calling it?

[jsarenik]

I call lightning-cli from shell.

$ desc=test
$ lightning-cli -k invoice msatoshi=1000 label="lnurlp-test-$RANDOM" description="[[\"text/plain\", \"$desc\"]]" deschashonly=true
{
   "code": -32602,
   "message": "description: should be a string (without \\u): invalid token '[[\"text/plain\", \"test\"]]'"
}

[jsarenik]

So c-lightning is not acceping anything but string in the description.

[jsarenik]

Pseudocode:

handle('/.well-known/lnurlp/username') => {
  return {
    ...,
    metadata: '[["text/plain", "my description"]]',
    callback: 'https://service.com/callback'
  }
}

handle('/callback') => {
  return {
    pr: make_invoice(description_hash=sha256('[["text/plain", "my description"]]', msatoshi=request.qs.amount))
  }
}

Thank you for this example @fiatjaf. I get the idea, just that description_hash should be the hash of the description. This looks like artificially setting the value (which is not yet implemented in c-lightning, or would require allowing description to contain characters which are filtered now).

[fiatjaf]

Try calling the RPC directly instead of the CLI. Does it raise the same error?

[jsarenik]

I have no idea how to call that RPC directly. Happy to learn. @cdecker?

[bumi]

If I read that linked PR correct: did you try setting the metadata as invoice description and specify the hash only attribute?

[jsarenik]

Yes, I tried setting the metadata as invoice description and specified the deschashonly attribute.

[bumi]

Yes, I tried setting the metadata as invoice description and specified the deschashonly attribute.

ah, sorry, yes missed that. does it work if you just set some random text description?

[fiatjaf]

@jsarenik:

echo '{"method":"getinfo","params":{},"jsonrpc":"2.0","id":"0"}' | nc -U ~/.lightning/bitcoin/lightning-rpc

But do it with the invoice stuff instead.

[jsarenik]

Thank you @fiatjaf, that is exactly what I was looking for. Still, it does not work as the metadata have to be put into description to get it reflected in description_hash and there I have to quote the double-quotes,

So I can not have it plain like in your example code ('[["text/plain", "my description"]]'), but rather "[[\"text/plain\", \"my description\"]]" which breaks the expected sha256 hash (there are extra backslashes, without them it reports Invalid token in json input:).

[jsarenik]

It is possible to put there single-quotes, but that will not help probably. I.e. to end up with

"description": "[['text/plain', 'my description']]",

Strange that it does not work with escaped double-quotes as the LUD shows backslashes in the example: "[[\"text/plain\", \"lorem ipsum blah blah\"]]"

[jsarenik]

I actually found the hash and was able to reproduce it manually, so the double-quotes are not the issue. Writing it down to think more about what I may be doing wrong.

First, an invoice is generated by CLN, triggered by Albi over LNURLp. The description is set to [[\"text/plain\", \"anyone\"]]. This invoice decoded looks like this:

{
   "type": "bolt11 invoice",
   "currency": "bc",
   "created_at": 1648801429,
   "expiry": 604800,
   "payee": "032de5c0f28f9d7d10c0c0b5ec92e83f9bf40def2bf40181c0f4330c57e58a8605",
   "msatoshi": 1000,
   "amount_msat": "1000msat",
   "description_hash": "5a6ede4ae913c22e0b5f00c0fd16e376893e2f1ef131e5b296b66993dced971a",
   "min_final_cltv_expiry": 18,
   "payment_secret": "1cf98aa26f31e28f9a42d2d26fe5d716b527bedd3a8cc7e8e4d3e74dd5e5aada",
   "features": "024100",
   "routes": [
      [
         {
            "pubkey": "029e3508ee0579a5aceb3bfecb01839fb1309fe67050b26d9ce9e27323fa2e66f1",
            "short_channel_id": "684650x2064x0",
            "fee_base_msat": 1000,
            "fee_proportional_millionths": 1,
            "cltv_expiry_delta": 40
         }
      ]
   ],
   "payment_hash": "b40e2b930b2282bd187e568868c2ce1c7ef7e302b2487cb876965184e43d6ed6",
   "signature": "3044022019d1e20300ebde2cdd6dffea3939e67a83fcc378a365bb3565d46ecfb3b56eca02201d31fd4d3b1cc4ee69965c3fbb35bf2f5ada38469cc60528ebf7ed7cfa47f9e3",
   "valid": true
}

Now I do the sha256 checksum (note the \" becomes " because of printf, opposite of what I was thinking, so the result actually matches the example code provided by @fiatjaf):

$ printf '[[\"text/plain\", \"anyone\"]]' | sha256sum
5a6ede4ae913c22e0b5f00c0fd16e376893e2f1ef131e5b296b66993dced971a  -

The result is the same hash as the description_hash in the decoded JSON above. Now I need to figure out what am I doing wrong that Alby still reports "Invalid invoice".

[jsarenik]

@bumi How to see some debugging of the Albi browser extension? And yes, I was trying to set random text description as well.

[fiatjaf]

How are you testing this in Alby?

[jsarenik]

I am testing exactly as described in the reproduction steps in the beginning of this issue.

As for debugging on my side, you can see the static .well-known file, the source of lnurl.sh and its last JSON output for your originating IP which stays the same after being generated until paid or for 1 minute (whichever comes first).

[jsarenik]

@bumi So my question is: what is Alby exactly checking the sha256sum against (with examples please)? My content of description_hash matches exactly the hash of [["text/plain", "my description"]] and the invoice is still deemed invalid.

[bumi]

if this is the lnurl-pay response: https://ln.anyone.eu.org/.well-known/lnurlp/anyone

metadata":"[["text/identifier", "anyone@ln.anyone.eu.org"], ["text/plain", "anyone"]]"

then I think it checks the hash of [["text/identifier", "anyone@ln.anyone.eu.org"], ["text/plain", "anyone"]] - the hash of the stringified version of the metadata JSON.

does that help? do you include the text/identifier?
this seems to be missing here: https://github.com/jsarenik/bitcoin-faucet-shell/blob/master/cgi-bin/lnurl.sh#L72
at least it is not using the same metadata as returned by the lnurl-pay JSON response.

[jsarenik]

@bumi Yes, that was it. Thank you!

[bumi]

great! happy we could solve it and it works! 👍